Menu
A major breach targeted Oracle Cloud in March 2025, with the threat actor “rose87168” claiming to have stolen 6 million records containing sensitive credentials, including SSO passwords and Java KeyStore files, impacting over 140,000 tenant organizations worldwide.
The attacker attempted to extort Oracle, demanding $20 million in exchange for technical information. Oracle initially denied the breach but later began notifying affected customers, attributing the exposed data to outdated systems in a move met with skepticism. Security researchers linked the incident to exploitation of the CVE-2021-35587 vulnerability in Oracle Fusion Middleware, raising concern about cloud providers’ ongoing vulnerability to aggressive, high-stakes extortion campaigns and making this one of the month’s most widely discussed incidents.
NCSC Threat Reports Feed© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.
