Harvard University Hit by Cl0p Ransomware Attack on Oracle E-Business Suite, Over 1.3 TB of Data Leaked


406/68 Thursday, October 16, 2025

Harvard University has confirmed that it was targeted in a cyberattack exploiting a vulnerability in Oracle E-Business Suite (EBS), after the Cl0p ransomware group published over 1.3 terabytes of data on its leak site on the Tor network. The university stated that the incident only affected a “small administrative unit” and that there is no evidence suggesting other core systems were compromised. Meanwhile, Cl0p announced on its leak site that it is preparing files and will soon release them via Torrent for public download.

Reports from the Google Threat Intelligence Group (GTIG) and Mandiant revealed that the attack was part of a broader extortion campaign leveraging the Oracle EBS vulnerability (CVE-2025-61882, CVSS 9.8), which had been patched in July 2025. However, numerous organizations worldwide remain affected. The attack is believed to have involved the use of a zero-day exploit, alongside extortion emails sent to executives. The stolen data reportedly includes financial records, human resources information, customer and supplier details, as well as inventory data.

Cl0p is known as a Russia-linked Ransomware-as-a-Service (RaaS) group that specializes in “big-game hunting,” targeting large organizations and employing double-extortion tactics: encrypting files while simultaneously threatening to leak stolen data. The group has been behind several high-profile attacks, including MOVEit Transfer (2023), Accellion FTA (2020–2021), and GoAnywhere MFT (2023). Cl0p has also previously targeted universities and other major institutions around the globe.

Source: https://securityaffairs.com/183379/security/harvard-university-hit-in-oracle-ebs-cyberattack-1-3-tb-of-data-leaked-by-cl0p-group.html