Hacker Group Targets Oracle Software in Cyber Extortion Campaign

Updated at: June 15, 2026 at 03:30 AM

In June 2026, the cybersecurity landscape was shaken by a significant extortion campaign.

nounJune 2026

nouncybersecurity

nounextortion

The threat actor group known as ShinyHunters (UNC6240) launched a sophisticated attack targeting Oracle PeopleSoft software.

nounShinyHunters

nounattack

nounsoftware

By exploiting a critical zero-day vulnerability, CVE-2026-35273, the group gained unauthorized remote code execution access to servers without needing any authentication.

nounvulnerability

nounserver

This vulnerability, which earned a near-perfect CVSS score of 9.8, allowed attackers to infiltrate over 100 organizations between May 27 and June 9, 2026.

nounvulnerability

nounorganization

Once inside, the attackers deployed custom remote-management agents to steal sensitive data, such as student information and financial records, threatening to leak them online.

noundata

This incident marks a notable shift in cybercrime, where attackers prioritize direct data theft over traditional encryption-based ransomware.

noundata

It also highlights the risks of vendor aggregation, where a single software flaw can impact numerous organizations at once.

nounsoftware

nounorganization

🎉

End of article

You read 7 focus sentences.

Challenge Mode

Comprehension Questions

Which software product was the primary target of the zero-day exploit?

Microsoft Office 365

Oracle E-Business Suite

Oracle PeopleSoft

Reveal Answer

✓

Correct Choice

Oracle PeopleSoft

What is the primary sector impacted by this cyber extortion campaign?

The financial services industry

The government defense sector

The higher education sector

Reveal Answer

✓

Correct Choice

The higher education sector

What made the vulnerability CVE-2026-35273 particularly dangerous?

It could only be triggered by an insider threat

It required no authentication or user interaction

It required physical access to the server hardware

Reveal Answer

✓

Correct Choice

It required no authentication or user interaction

How did the attackers' tactics differ from traditional ransomware?

They exclusively targeted local computers rather than servers

They focused on deleting files instead of stealing them

They focused on pure data theft rather than encryption

Reveal Answer

✓

Correct Choice

They focused on pure data theft rather than encryption

How did security researchers learn about the attackers' methods?

The attackers voluntarily published a report

They discovered exposed directories containing staging materials

They successfully hacked the group's personal social media

Reveal Answer

✓

Correct Choice

They discovered exposed directories containing staging materials

Learn faster with Ringoo apps

Trace your learning progress and get real-time feedback with interactive exercises.

App Store Google Play