All news with #fin11 tag

Extortion Emails Target Executives Claiming Clop Ties

📧 An individual or group claiming to work with the Clop ransomware gang has been sending extortion emails to executives at multiple organizations since September 29, according to Google. Researchers at Mandiant and the Google Threat Intelligence Group are investigating and report a high-volume campaign launched from hundreds of compromised accounts, with at least one account previously linked to FIN11. The messages include contact information that matches addresses on the Clop data leak site, suggesting the actor may be leveraging Clop's brand; however, investigators emphasize this does not prove direct Clop involvement and advise targeted organizations to search for indicators of compromise.

Google, Mandiant Probe Extortion Claims Targeting Oracle EBS

📧 Google Mandiant and the Google Threat Intelligence Group report a new high-volume extortion campaign that claims stolen data from Oracle E-Business Suite. The operation began on or before September 29, 2025, uses hundreds of compromised accounts, and includes contact addresses verified on the Cl0p data leak site. Mandiant notes at least one sending account has ties to FIN11, a TA505 subset. Investigations are ongoing and organizations are urged to inspect for compromise.