The Washington Post has confirmed that it was among the organizations affected by a major cybersecurity breach connected to Oracle software. The newspaper said on Thursday that it was “one of those impacted by the breach of the Oracle E-Business Suite platform.”
While the company did not share additional details, its announcement followed claims made by the ransomware group CL0P, which listed the Washington Post among its alleged victims on its website. Attempts to contact the group for comment were unsuccessful.
Oracle, when approached by Reuters, referred inquiries to two previously released security advisories issued in the past month.
These advisories addressed potential vulnerabilities in the Oracle E-Business Suite, a suite of business management applications widely used by organizations across industries.
A Widespread and Sophisticated Cyber Campaign
The CL0P ransomware gang, known for its aggressive tactics, often exposes the identities of its victims publicly to pressure them into paying ransom demands.
Cybersecurity experts consider CL0P one of the most active and dangerous ransomware groups globally.
The group has been linked to a large-scale cybercriminal operation that exploited flaws in Oracle’s E-Business Suite—a system used by companies to oversee customer relations, supply chains, production, logistics, and other critical business functions.
The scope of the breach appears extensive. According to Google, more than 100 organizations may have been compromised as part of the same hacking wave.
This incident adds to the growing list of cyberattacks targeting enterprise software providers and their clients, highlighting the increasing sophistication and scale of global ransomware operations.
While neither Oracle nor the Washington Post disclosed whether sensitive data was accessed or stolen, experts suggest that such breaches often aim to obtain valuable business information that can be leveraged for financial gain.
The attack underscores the vulnerability of interconnected enterprise systems and the far-reaching consequences of security lapses in widely used business software.
As investigations continue, cybersecurity specialists urge companies using Oracle’s E-Business Suite to review Oracle’s recent advisories and apply the recommended security patches immediately.
The incident serves as a stark reminder of the persistent threats organizations face from ransomware groups exploiting weaknesses in critical software systems.
Read next: U.S. Moves to Halt Nvidia’s Sales of Modified AI Chips to China