Hacker Group Targets Oracle Software in Cyber Extortion Campaign
駭客組織發動網路勒索行動,鎖定甲骨文軟體用戶
更新於: 2026年6月15日 上午03:30
In June 2026, the cybersecurity landscape was shaken by a significant extortion campaign.
2026年6月,網路安全領域遭受一場重大的勒索活動震撼。
The threat actor group known as ShinyHunters (UNC6240) launched a sophisticated attack targeting Oracle PeopleSoft software.
駭客組織ShinyHunters (UNC6240) 發起了一次針對Oracle PeopleSoft軟體的精密攻擊。
By exploiting a critical zero-day vulnerability, CVE-2026-35273, the group gained unauthorized remote code execution access to servers without needing any authentication.
透過利用一個關鍵的零時差漏洞(CVE-2026-35273),該組織在無需任何認證的情況下,獲得了伺服器的遠端程式碼執行權限。
This vulnerability, which earned a near-perfect CVSS score of 9.8, allowed attackers to infiltrate over 100 organizations between May 27 and June 9, 2026.
此漏洞的CVSS評分高達9.8,幾近滿分,使攻擊者能在2026年5月27日至6月9日間,滲透超過100個組織。
Once inside, the attackers deployed custom remote-management agents to steal sensitive data, such as student information and financial records, threatening to leak them online.
一旦進入系統,攻擊者便部署自訂的遠端管理代理程式來竊取敏感資料,例如學生資訊與財務紀錄,並威脅將其公開於網路上。
This incident marks a notable shift in cybercrime, where attackers prioritize direct data theft over traditional encryption-based ransomware.
此事件標誌著網路犯罪的顯著轉變,攻擊者優先採取直接資料竊取,而非傳統的加密型勒索軟體。
It also highlights the risks of vendor aggregation, where a single software flaw can impact numerous organizations at once.
這也凸顯了供應商聚合所帶來的風險,即單一軟體漏洞可能同時影響眾多組織。
