(The Tribune International) – Google has revealed that an active cyber espionage and extortion campaign targeting Oracle’s PeopleSoft enterprise software has been linked to the notorious hacking group ShinyHunters.
In a blog post published on Thursday, Alphabet’s cybersecurity unit Mandiant and the Google Threat Intelligence Group said the attacks took place between May 27 and June 9.
PeopleSoft is an enterprise resource planning platform widely used by organisations to manage critical operations, including human resources, finance and supply chain functions.
After detecting active scanning and exploitation attempts, Google said it alerted more than 100 organisations whose IP addresses appeared to be associated with potentially vulnerable systems. Most of the affected entities were based in the United States, with around 68 percent belonging to the higher education sector.
Researchers found that the attackers deployed customised MeshCentral agents disguised as legitimate cloud services, enabling them to execute administrative command queries on compromised systems.
RelatedPosts
Google noted that the attacks occurred before Oracle issued a security advisory on June 10, allowing hackers to exploit the vulnerability as a zero-day flaw before a patch became available.
ShinyHunters has a well-documented history of carrying out extortion campaigns against major organisations worldwide. Last month, the group reportedly reached an agreement with Instructure, the parent company of education platform Canvas, over stolen student and school data.
