Google says ShinyHunters hackers targeting education sector via Oracle exploit

June 11 (Reuters) - Alphabet's ‌cybersecurity unit ​Mandiant ​and Google Threat Intelligence Group said Thursday they had identified an active compromise and ‌extortion campaign targeting Oracle's PeopleSoft enterprise software, which ⁠they attributed to the hacking group ShinyHunters.

The campaign took ‌place between May 27 and ‌June 9, Google said in a blog.

PeopleSoft is an enterprise resource planning suite used by organizations ​to manage core business functions including human resources, finance and supply-chain operations.

After becoming aware of ⁠active scanning and exploitation, Google said it notified more than 100 organizations ​whose IP addresses correlated with potentially vulnerable endpoints. Most were based in the U.S., ​and 68% were in the ‌higher education sector.

Researchers found that the attackers hosted customized MeshCentral agents disguised as ⁠legitimate cloud endpoints, which were used to run administrative command queries.

As the activity occurred before Oracle issued a ⁠security advisory on June 10, the hackers were able to exploit ​the vulnerability as a "zero-day" flaw, meaning there was no patch available at the time of the attacks.

ShinyHunters is a ‌hacking group with a history of targeting global companies for extortion. Last month, ‌the group struck a deal with Instructure, the parent ⁠company of education tool ‌Canvas, to secure ​stolen student and school data.

(Reporting by Juby Babu in Mexico City; Editing by Arun ‌Koyyur)

---

Serious News for Serious Traders! Try StreetInsider.com Premium Free!

---

You May Also Be Interested In

• SpaceX IPO makes Elon Musk the world's first trillionaire
• Iran says no final decision made on possible US agreement, IRNA says
• Adobe raises annual forecasts, CFO exit fans uncertainty over growth strategy