
Massive Cyberattack on Oracle Cloud Servers: 6 Million Confidential Files Possibly Stolen
🌍 As trust in cloud technologies continues to grow, a massive cyberattack on Oracle Cloud servers has raised serious concerns.
An unknown hacker using the alias “rose87168” claims to have successfully stolen nearly 6 million confidential files from Oracle Cloud servers. These files allegedly include encrypted passwords, authentication keys, and other sensitive documents.
This incident could impact over 140,000 Oracle Cloud customers worldwide, raising significant concerns about the security of cloud technologies.
What Data Has Been Stolen?
According to leaked information, the hackers managed to steal the following critical files and confidential data:
🔹 Java Key Store (JKS) files – used to store secret keys in cloud systems.
🔹 Encrypted Single Sign-On (SSO) passwords – authentication data allowing seamless corporate access.
🔹 Hashed LDAP (Lightweight Directory Access Protocol) passwords – confidential credentials of corporate users.
🔹 Enterprise Manager Java Platform Security (JPS) keys – security keys essential for Oracle Cloud environments.
The sale of such confidential information on major hacking forums poses a significant threat to organizations, as criminals could use it to gain unauthorized access to cloud systems.
How Was the Attack Carried Out?
Analysts believe the attack was executed by exploiting a vulnerability in Oracle Cloud’s authentication system.
Hackers discovered outdated software on the subdomain login.(region-name).oraclecloud.com and may have exploited CVE-2021-35587 to gain access to the system.
🔴 CVE-2021-35587 – a vulnerability in Oracle Access Manager that allows attackers to bypass authentication and gain unauthorized system access.
This incident highlights the critical consequences of delaying cloud security updates.
What Is Happening to the Stolen Data?
Hacker “rose87168” has started selling the stolen information on the Breach Forums platform.
🔹 Additionally, they are recruiting other hackers, offering rewards for cracking the encrypted passwords.
How Is Oracle Responding?
🔹 Oracle has officially denied the breach, stating that no customer data has been compromised and that the leaked information is not related to their system.
🔹 However, cybersecurity experts urge organizations to stay vigilant and take immediate security measures.
What Should Oracle Cloud Users Do?
🔹 1. Change Passwords Immediately
✅ Update all passwords for SSO, LDAP, and other authentication systems.
✅ Enable Multi-Factor Authentication (MFA).
🔹 2. Strengthen Security Monitoring
✅ Use security monitoring systems to detect unauthorized access attempts.
✅ Review system logs to identify suspicious activities.
🔹 3. Conduct a Security Audit
✅ Have IT security teams perform a thorough system inspection.
✅ Identify and fix any vulnerabilities.
🔹 4. Contact Oracle
✅ Follow Oracle’s official security recommendations.
✅ Perform additional system security checks.
🔹 5. Review Access Permissions
✅ Audit administrator and high-privilege accounts.
✅ Follow the Least Privilege Principle (granting only necessary permissions).
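To support the password changes and audit steps above, here is an added example (not code from this article or from Oracle) that reads the public structure of a Java Key Store file without its password and lists which aliases hold a private key, so those keys can be prioritized for reissue. The function names and the sample keystore bytes are constructed for illustration.

```python
import struct
from datetime import datetime, timezone
JKS_MAGIC = 0xFEEDFEED            # signature at the start of every JKS file
PRIVATE_KEY, TRUSTED_CERT = 1, 2  # entry tags used by the JKS format

def list_jks_entries(data):
    """Return [(alias, kind, created_utc)] from raw JKS bytes; no password needed."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated keystore")
        pos += n
        return data[pos - n:pos]
    def num(fmt):                   # one big-endian integer
        return struct.unpack(">" + fmt, take(struct.calcsize(fmt)))[0]
    def utf():                      # Java writeUTF string: 2-byte length + bytes
        return take(num("H")).decode("utf-8", "replace")
    magic, version, count = struct.unpack(">III", take(12))
    if magic != JKS_MAGIC or version not in (1, 2):
        raise ValueError("not a JKS version 1 or 2 keystore")
    entries = []
    for _ in range(count):
        tag, alias, millis = num("I"), utf(), num("q")
        if tag not in (PRIVATE_KEY, TRUSTED_CERT):
            raise ValueError(f"unknown entry tag {tag}")
        n_certs = 1
        if tag == PRIVATE_KEY:
            take(num("I"))          # password-protected key blob, skipped unread
            n_certs = num("I")      # length of the certificate chain
        for _ in range(n_certs):
            if version == 2:
                utf()               # certificate type, e.g. "X.509"
            take(num("I"))          # encoded certificate, skipped
        kind = "private-key" if tag == PRIVATE_KEY else "trusted-cert"
        entries.append((alias, kind, datetime.fromtimestamp(millis / 1000, timezone.utc)))
    return entries

def rotation_candidates(data):      # aliases whose private key sits in this file
    return [alias for alias, kind, _ in list_jks_entries(data) if kind == "private-key"]
def _lp(fmt, raw):                  # sample helper: length-prefixed field
    return struct.pack(fmt, len(raw)) + raw
# Constructed sample: version-2 keystore, dummy bytes in place of real key/cert data.
TS = struct.pack(">q", 1_600_000_000_000)   # constructed creation time (ms since epoch)
SAMPLE = (struct.pack(">III", JKS_MAGIC, 2, 2)
          + struct.pack(">I", PRIVATE_KEY) + _lp(">H", b"sso-signing") + TS
          + _lp(">I", b"\x00" * 16) + struct.pack(">I", 1) + _lp(">H", b"X.509") + _lp(">I", b"\x01" * 8)
          + struct.pack(">I", TRUSTED_CERT) + _lp(">H", b"corp-root") + TS + _lp(">H", b"X.509") + _lp(">I", b"\x02" * 8)
          + b"\x00" * 20)           # trailing 20-byte integrity digest, not verified here
```

For a real file, pass the bytes read in binary mode to list_jks_entries; trusted-certificate entries hold only public material, while every alias returned by rotation_candidates has a private key in the file that was protected only by the keystore password.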
How to Strengthen Cloud Security?
🔐 1. Regularly Update Software
✅ Delayed updates create entry points for hackers. Keep Oracle Cloud and other cloud platforms up to date.
🔐 2. Implement the Zero Trust Model
✅ The “Never trust, always verify” approach significantly reduces attack risks.
🔐 3. Encrypt Sensitive Data
✅ Strong encryption makes stolen data much harder for hackers to exploit.
🔐 4. Strengthen Access Control
✅ Enforce MFA (Multi-Factor Authentication) for privileged accounts.
🔐 5. Train Employees on Cybersecurity
✅ Phishing attacks and user errors are major security risks. Conduct regular cybersecurity awareness training.
This attack demonstrates that cloud services are increasingly becoming prime targets for hackers.
🔴 Vulnerabilities in Oracle Cloud jeopardize the security of thousands of organizations worldwide.
✅ Companies must enhance their security measures, apply updates promptly, and actively monitor suspicious activities.
⚠ Staying secure in the cloud starts with vigilance! 🔐