Clop Ransomware Exploits Oracle Zero-Day to Breach Broadcom’s Systems, Targets 29 Firms

Broadcom Targeted by Clop Ransomware Exploiting Oracle E-Business Suite Zero-Day Vulnerability

In a significant cybersecurity incident, the Clop ransomware group has claimed responsibility for breaching Broadcom’s internal systems. This attack is part of a broader campaign exploiting a critical zero-day vulnerability in Oracle’s E-Business Suite (EBS), identified as CVE-2025-61882. This flaw, with a CVSS score of 9.8, allows unauthenticated attackers to execute arbitrary code remotely, posing a severe risk to organizations utilizing affected versions of Oracle EBS.

Details of the Breach

The Clop group reportedly accessed sensitive internal data, including enterprise resource planning (ERP) archives, design documentation, and semiconductor records. Given Broadcom’s pivotal role in telecommunications, data centers, and AI accelerator manufacturing, the potential exposure of such information raises significant concerns about supply chain security and the integrity of partner ecosystems.

Security researchers from Google’s Threat Intelligence Group and Mandiant have traced the initial breach activities back to July 10, 2025, with confirmed exploitation beginning on August 9, 2025. This timeline indicates that attackers had access to vulnerable systems weeks before Oracle released patches to address the flaw.

Technical Exploitation

The attackers exploited the Business Intelligence Publisher integration within Oracle EBS’s Concurrent Processing component. This exploitation granted them complete control over the affected systems. To maximize their foothold across enterprise networks, Clop supplemented the zero-day exploit with additional previously patched vulnerabilities.

The broader campaign has reportedly compromised at least 29 organizations, as evidenced by recent postings on Clop’s data-leak site. The attackers utilized compromised third-party email accounts, acquired from infostealer markets, to bypass spam filters and lend credibility to their extortion emails.

Broadcom’s Response

In response to the incident, a Broadcom spokesperson stated that the company uses Oracle’s E-Business Suite for certain internal corporate financial operations. They acknowledged being targeted by cybercriminals exploiting zero-day vulnerabilities in the Oracle product. Broadcom has conducted a forensic examination and patched their Oracle system to remediate the vulnerabilities. The company asserts that operations remain unaffected and expresses confidence in the integrity of their financial data. They also believe that any unlawfully disclosed data does not pose significant risk to their customers, vendors, partners, or employees.

Recommendations for Organizations

This incident underscores the critical importance of proactive cybersecurity measures. Organizations are advised to:

– Apply Patches Promptly: Ensure that all systems, especially those running Oracle EBS, are updated with the latest security patches to mitigate known vulnerabilities.

– Monitor for Suspicious Activity: Implement enhanced monitoring to detect unusual activity, particularly suspicious POST requests to the `/OA_HTML/SyncServlet` endpoint, which may indicate compromise.

– Strengthen Email Security: Be vigilant against phishing attempts and ensure that email security protocols are robust to prevent unauthorized access through compromised accounts.

– Conduct Regular Security Audits: Regularly assess and audit security measures to identify and address potential vulnerabilities before they can be exploited.
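As an added illustration of the monitoring recommendation above (this is example code written for this article, not a tool from Broadcom, Oracle, Google or Mandiant), the script below scans web-server access logs for POST requests to the `/OA_HTML/SyncServlet` endpoint that the article names, restricted to the period since the July 10, 2025 start of the campaign, and groups the hits by source address so an analyst can see which clients are hammering the endpoint. The log lines are constructed samples in Apache combined format using RFC 5737 documentation addresses; the assumption that your EBS front end writes this format, and the idea that legitimate SyncServlet traffic should be baselined against an allowlist of known clients, are mine, not the article's.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample access-log lines (Apache "combined" format). These are
# not real Broadcom or Oracle records; the addresses are RFC 5737 test ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [11/Aug/2025:02:14:07 +0000] "POST /OA_HTML/SyncServlet HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.7 - - [11/Aug/2025:08:30:12 +0000] "GET /OA_HTML/AppsLogin HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.10 - - [11/Aug/2025:02:14:09 +0000] "POST /OA_HTML/SyncServlet HTTP/1.1" 500 87 "-" "python-requests/2.31"
192.0.2.44 - - [12/Aug/2025:14:02:55 +0000] "POST /OA_HTML/OA.jsp?page=/oracle/apps/fnd/framework/navigate HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Aug/2025:02:15:00 +0000] "POST /OA_HTML/SyncServlet?x=1 HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.7 - - [01/Jul/2025:09:00:00 +0000] "POST /OA_HTML/SyncServlet HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Apache combined log format: ip ident user [ts] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Earliest activity date reported in the article for this campaign.
CAMPAIGN_START = datetime(2025, 7, 10, tzinfo=timezone.utc)

# Endpoint the article singles out for monitoring.
WATCHED_PATH = "/OA_HTML/SyncServlet"

# Hypothetical allowlist of internal clients known to call the endpoint
# legitimately (assumption: fill this from your own baseline, it is empty here).
KNOWN_CLIENTS = frozenset()


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def find_syncservlet_posts(log_text, since=CAMPAIGN_START):
    """Return records for POSTs to the watched path at or after `since`.

    Query strings are stripped before comparing so `/OA_HTML/SyncServlet?x=1`
    still matches; requests from allowlisted clients are skipped.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]
        if rec["method"] != "POST" or path != WATCHED_PATH:
            continue
        if since is not None and rec["ts"] < since:
            continue
        if rec["ip"] in KNOWN_CLIENTS:
            continue
        hits.append(rec)
    return hits


def summarize_by_source(hits):
    """Group hits per source address: count, distinct user agents, status codes."""
    counts = Counter(h["ip"] for h in hits)
    agents = defaultdict(set)
    statuses = defaultdict(Counter)
    for h in hits:
        agents[h["ip"]].add(h["ua"])
        statuses[h["ip"]][h["status"]] += 1
    return {
        ip: {
            "count": counts[ip],
            "user_agents": sorted(agents[ip]),
            "statuses": dict(statuses[ip]),
        }
        for ip in counts
    }


if __name__ == "__main__":
    found = find_syncservlet_posts(SAMPLE_LOG)
    for ip, info in summarize_by_source(found).items():
        print(f"{ip}: {info['count']} POST(s) to {WATCHED_PATH}, "
              f"agents={info['user_agents']}, statuses={info['statuses']}")
```

The July 1 line is deliberately outside the window and is dropped; the three hits from one address with a scripting user agent and a mix of 200 and 500 responses are the kind of cluster worth escalating for a review of the Oracle EBS host. Pass `since=None` to scan a whole log without the date filter.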

By adopting these practices, organizations can enhance their resilience against sophisticated cyber threats and protect sensitive information from unauthorized access.