
ZenoX reveals leak in Oracle Cloud exposing data of 6 million users, including Brazilian companies

A hacker identified as “rose87168” claims to have breached Oracle Cloud and stolen 6 million records, including passwords and sensitive files. The hacker demands payment from over 140,000 companies, including several large Brazilian organizations, to prevent the stolen data from being exposed. ZenoX, a cybersecurity startup from Grupo Dfense, a leader and pioneer in using artificial intelligence against digital threats, is closely monitoring the situation and warns about the severe risks this incident poses, especially for Brazil, the second most affected country. While Oracle denies that a data breach occurred, the discrepancy between that denial and the hacker’s actions raises significant concerns about cloud security and reinforces the need for proactive protection measures.

Incident details:

  • Hacker “rose87168”: Claims to have exploited a vulnerability, possibly related to Oracle WebLogic Server, to breach the Oracle Cloud login system.
  • 6 million stolen records: Including encrypted passwords (with potential to be cracked), JKS files, internal access keys, and Enterprise Manager JPS data.
  • Digital extortion: The hacker demands payment to prevent data leaks and seeks help to break the encrypted passwords.
  • Impact on Brazil: Several large Brazilian organizations, including banks, public agencies, and private companies, are among those affected.
  • Supply chain risk: The compromised data can be used to attack companies connected to the affected ones.

According to Ana Cerqueira, CRO of ZenoX, the potential impacts for Brazilian companies are:

  • Unauthorized access to systems: Leaked credentials could give cybercriminals access to sensitive corporate systems.
  • Authentication failure: The reliability of the Single Sign-On (SSO) authentication structure could be compromised.
  • Targeted attacks: Leaked information about organizational structure could facilitate targeted attacks.
  • Sophisticated phishing: Leaked data could make phishing attacks more convincing and harder to detect.
  • Legal and reputational risks: Companies may face reputational risks and legal notifications under the LGPD (Brazilian General Data Protection Law).

The executive recommends the following protective measures:

  • Immediate password reset for Oracle SSO users.
  • Implementation or reinforcement of multi-factor authentication (MFA).
  • Review of access logs to identify suspicious activities.
  • Continuous monitoring of login attempts and access anomalies.
  • Implementation of context-based access controls (time, location, device).
  • Proactive communication with internal teams about phishing risks.
  • Rotation of potentially compromised tokens and encryption keys.
  • Complete audit of access rights, implementing the principle of least privilege.