LONDON — Tech giant Google has raised the alarm over a wave of extortion emails sent to high-level executives, with hackers claiming to hold stolen corporate data. The threats are said to involve files allegedly taken from Oracle’s business software systems.
In a statement issued on Wednesday, Google said the campaign is being carried out by a group that identifies itself as part of the Cl0p ransomware gang. The emails are being sent in bulk to executives at “numerous organisations,” the company said.
The attackers claim to have breached Oracle’s E-Business Suite, a widely used platform for managing finances, supply chains, and HR systems.
Despite the bold claims, Google admitted it could not confirm whether the hackers had actually accessed any data.
“We do not currently have sufficient evidence to definitively assess the veracity of these claims,” the company stated.
Google described the email campaign as “high-volume” but declined to share how many executives had been targeted or which sectors were most affected.
Efforts to contact Oracle and Cl0p for comment were unsuccessful at the time of writing. Oracle has not publicly acknowledged any breach.
The Cl0p group has been linked to several high-profile cyberattacks in recent years, including incidents involving government agencies and large corporations. Cybersecurity analysts believe the group often exploits vulnerabilities in third-party software to gain access to data, later threatening to publish or sell it unless a ransom is paid.
Speaking to The New York Times, cybersecurity expert Lisa Vaughan from the UK’s National Cyber Security Centre (NCSC) said the claims should be taken seriously — but with caution.
“This could be a case of bluffing to induce panic,” she said. “But if real data is involved, companies need to act fast to secure their systems and notify those affected.”
This latest warning comes amid a rise in ransomware-related threats against large enterprises. Just last month, the NCSC issued a general advisory about phishing campaigns targeting senior leadership, warning that attackers are focusing more on psychological tactics than technical exploits.
Experts say executive inboxes are especially valuable to hackers, given the access and influence they often carry.
Cybersecurity professionals urge companies to be vigilant, even if the credibility of the hackers’ claims is still in question.
“Organisations should review their Oracle application logs, strengthen email security filters, and inform their staff — especially at the executive level — to avoid engaging with suspicious emails,” said Ben Tran, a security researcher with London-based firm Digital Forge.
Google has not said whether it is working directly with Oracle to verify the alleged data breach, nor whether law enforcement has been engaged. However, previous incidents involving Cl0p have led to international investigations, including by Europol and the FBI.
For now, the emails appear to be part of a fear-driven attempt to extract payment from companies. But without clear evidence of stolen data, it remains uncertain how much of the threat is real — and how much is theatre.
Until more is known, firms are being told to stay alert, report suspicious emails, and prepare for the worst — just in case.
“In cybercrime, perception is often half the weapon,” said Vaughan. “Even the idea of a breach can cause damage.”
About the Author
