- Cl0p ransomware gang leaked Post data after alleged refusal to pay ransom
- Oracle E-Business Suite Zero-Day Exploit to Attack Over 100 Companies, Including The Washington Post
- Other victims include Harvard, Schneider Electric; Police warn against paying ransoms
Now we can add Washington Post to the growing list of companies hacked through apparent security issues with some Oracle enterprise software.
In early October 2025, it emerged that hackers were sending emails to executives at several organizations in the United States, warning them that their confidential files had been stolen through Oracle E-Business Suite systems and demanding payment of a ransom in exchange for deleting the stolen files.
Further investigation determined that Oracle software carried zero-day remote code execution (RCE) in versions 12.2.3-12.2.14. It was also later reported that the attacks occurred months before Oracle released a patch and that “dozens” of companies were affected. Those “dozens” grew to become “more than a hundred.” Two hacker collectives are linked to this campaign: the financially motivated FIN11 and the infamous Cl0p ransomware gang.
There is no evidence of abuse
The Post has now issued a statement confirming that he was also a victim of the attack.
At the same time, Cl0p added The Washington Post to its data breach site, claiming that the company “ignored its security,” which, according to TechCrunch, means it decided not to pay the ransom demand. We don’t know how much money Cl0p asked the Post for, but previous reports claimed that one victim was asked for $50 million.
News about Oracle-related hacks has been coming for some time, with many other high-profile companies confirmed to have been affected, including Harvard University, Schneider Electric, Pan American Steel, and Cox Enterprises.
The full list of victims is not publicly available and probably never will be. There is a good chance that some of the victims will pay the ransom demand and never appear on the Cl0p data leak site.
Law enforcement generally advises against paying the ransom demand, saying that this motivates threat actors to carry out even more attacks and provides them with the necessary funds to continue operating.
Through TechCrunch
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
