Schneider Electric and Emerson have been named as victims of a large-scale cyberattack that exploited vulnerabilities in Oracle’s E-Business Suite. The attackers, linked to the Cl0p ransomware group, reportedly stole more than 100 gigabytes of data from Schneider Electric and several terabytes from Emerson. The breach appears to have originated from compromised Oracle environments used for enterprise resource management, allowing the attackers to access and exfiltrate sensitive corporate data. Both companies are assessing the scope of the incident, and early indications suggest that internal business systems were the primary targets rather than operational technology networks.

The attack underscores the growing threat of supply-chain exposure through third-party enterprise software platforms. By exploiting a widely deployed business system, the attackers were able to impact multiple major industrial organizations simultaneously. The incident highlights the ongoing risk of data theft and extortion campaigns aimed at critical infrastructure companies through their IT environments, reinforcing the need for strict patching, segmentation, and vendor security management to prevent cascading compromises.

‍

Source: https://www.securityweek.com/industrial-giants-schneider-electric-and-emerson-named-as-victims-of-oracle-hack/