The cyberattack on Oracle Cloud orchestrated by 'rose87168' led to the theft of 6 million records, potentially affecting over 140,000 tenants. The exfiltrated data includes sensitive JKS files, encrypted SSO passwords, key files, and JPS keys, and is now being sold on dark web forums. The breach, which exploited CVE-2021-35587, poses risks of unauthorized access and corporate espionage given the type of data stolen. Oracle's compromised subdomain and vulnerable software version highlight security gaps and raise concerns about lateral movement within the cloud environment.
Source: https://hackread.com/oracle-denies-breach-hacker-access-6-million-records/
TPRM report: https://scoringcyber.rankiteo.com/company/oracle-cloud
{
"id": "ora615032225",
"linkid": "oracle-cloud",
"type": "Breach",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'customers_affected': '140,000 tenants',
'industry': 'Technology',
'name': 'Oracle Cloud',
'type': 'Cloud Service Provider'}],
'attack_vector': 'Exploitation of CVE-2021-35587',
'data_breach': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'file_types_exposed': ['JKS files',
'SSO passwords',
'Key files',
'JPS keys'],
'number_of_records_exposed': '6 million',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['JKS files',
'Encrypted SSO passwords',
'Key files',
'JPS keys']},
'description': "The cyberattack on Oracle Cloud orchestrated by 'rose87168' "
'led to the theft of 6 million records potentially affecting '
'over 140,000 tenants. Exfiltrated data includes sensitive JKS '
'files, encrypted SSO passwords, key files, and JPS keys. This '
'information is now sold on dark web forums. The breach, '
'exploiting CVE-2021-35587, poses risks of unauthorized access '
'and corporate espionage given the type of data stolen. '
"Oracle's compromised subdomain and vulnerable software "
'version highlight security gaps and raise concerns of lateral '
'movement within the cloud environment.',
'impact': {'data_compromised': ['JKS files',
'Encrypted SSO passwords',
'Key files',
'JPS keys']},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes',
'entry_point': 'CVE-2021-35587'},
'motivation': ['Unauthorized access', 'Corporate espionage'],
'post_incident_analysis': {'root_causes': 'Vulnerable software version, '
'compromised subdomain'},
'threat_actor': "'rose87168'",
'title': "Cyberattack on Oracle Cloud by 'rose87168'",
'type': 'Data Breach',
'vulnerability_exploited': 'CVE-2021-35587'}