Russian hackers are targeting software used by the NHS and the Treasury, cybersecurity experts have warned.
Researchers at Google warned that a bug in software from Oracle, the $850bn (£640bn) US technology business, was being exploited by a Russian ransomware gang. Hackers are using the weakness to target businesses that use Oracle’s software.
Oracle’s E-Business technology provides financial management, logistics, procurement and human resources software to thousands of businesses.
Its UK customers include NHS England and the Treasury. This week, NHS Digital urged trusts to update their systems and said its cyber team warned that attempts at “exploitation” of digital vulnerabilities were “highly likely”.
Google’s researchers said hackers from a gang known as Clop had sent a “high volume of emails to executives at numerous organisations, alleging the theft of sensitive data from the victims’ Oracle E-Business Suite”.
More than 100 organisations could have been hit in the latest cyber attack, Reuters reported, with “mass amounts of customer data” stolen. It is not clear if there are any UK victims.
The National Cyber Security Centre, an arm of GCHQ, said: “The NCSC will continue to monitor for any impact of this vulnerability on UK organisations.”
Google said the “extortion campaign followed months of intrusion” beginning in July. “In some cases, the threat actor successfully exfiltrated a significant amount of data from impacted organisations,” the company’s threat intelligence group said.
Oracle was founded by Larry Ellison, the world’s second richest man and a friend of Donald Trump and Sir Tony Blair. The 81-year-old still serves as Oracle’s chairman and chief technology officer and is worth more than $350bn.
In emails sent to victims, Clop warns: “We do not seek political power or care about any business. Your only option to protect your business reputation is to discuss conditions and pay claimed sum.”
The ransomware group is believed to be a criminal gang made up of Russian-speaking hackers. In 2021, police claimed the group had been responsible for laundering more than $500m in cryptocurrency from their hacking campaigns.
One cybersecurity expert told Bloomberg the attackers had demanded as much as $50m from an organisation hit by their latest hacking campaign.
The group has previously been tied to hacks of American universities and the US department of energy.
In a security update last week, Oracle said its customers should install up-to-date security patches “as soon as possible”.
The UK has suffered a string of damaging cyber attacks in recent months, with criminal gangs shutting down businesses including Marks & Spencer, Co-op and Jaguar Land Rover.
A government spokesman said: “As you would expect, the Government Cyber Coordination Centre, in coordination with the NCSC, regularly provides expert advice and guidance to departments on a range of issues.”