Oracle EBS Zero-Day Attack Hits Global Industrial Leaders
A major cybersecurity incident has surfaced, as hackers exploited a vulnerability in Oracle E-Business Suite (EBS) to target leading industrial automation companies Schneider Electric and Emerson Electric. The ransomware group FIN11, operating under the Cl0p banner, has reportedly published stolen data from both companies on its leak site.
Massive Data Leaks Linked to FIN11’s Cl0p Operation
Cyber researcher Domini Alvieri revealed on X (formerly Twitter) that Schneider and Emerson were among the latest victims listed on Cl0p’s data leak platform. According to SecurityWeek, FIN11 disclosed a 116GB folder allegedly tied to Schneider and a staggering 2.7TB folder connected to Emerson. Metadata from leaked file trees indicates the source data may have originated from Oracle EBS systems.
CVE-2025-61882: The Exploit Behind the Breach
Security analysts believe the attack was enabled by a zero-day flaw—CVE-2025-61882—in Oracle EBS, which exposed sensitive enterprise resource data to unauthorized access. The vulnerability’s exploitation highlights the growing risk facing organizations relying on legacy ERP systems without timely patch management or strong access controls.
Expanding List of Global Victims
If confirmed, this incident adds Schneider and Emerson to an expanding roster of victims affected by the Oracle EBS exploit. Previous targets include Harvard University, Envoy Air, and the University of the Witwatersrand in South Africa—underscoring the global reach of the attack campaign and its focus on data-rich institutions.
Schneider’s Security History and Prior Ransomware Incident
This is not the first time Schneider Electric has faced cyber threats. In 2024, the company was listed by the Grep ransomware group, which allegedly stole around 40GB of project data, source code, and customer information from its Atlassian Jira system. The attackers bizarrely demanded $125,000 in cryptocurrency and a loaf of French baguette as ransom.
Industrial Cybersecurity at a Critical Crossroads
The Schneider and Emerson breaches serve as a stark reminder that industrial automation firms are prime targets for financially motivated cybercrime. With operational technology (OT) increasingly connected to enterprise IT systems, vulnerabilities in business software like Oracle EBS can cascade into critical industrial environments.
Moving forward, stronger vulnerability management, multi-layered defense strategies, and rapid response capabilities will be essential to safeguard industrial infrastructure against evolving cyber threats.