I know that I have not blogged in quite a while, mainly due to work commitments, but I’m going to see what I can do. Now that I seem to have this beast working for now, let’s see what I can do.
The beginning of the article says:
Hardware accessory giant Logitech has confirmed it suffered a data breach in a cyberattack claimed by the Clop extortion gang, which conducted Oracle E-Business Suite data theft attacks in July.
Logitech International S.A. is a Swiss multinational electronics company that sells hardware and software solutions, including computer peripherals, gaming, video collaboration, music, and smart home products.
Today, Logitech filed a Form 8-K with the U.S. Securities and Exchange Commission, confirming that data was stolen in a breach.
The article continues:
“Logitech International S.A. (“Logitech”) recently experienced a cybersecurity incident relating to the exfiltration of data. The cybersecurity incident has not impacted Logitech’s products, business operations or manufacturing,” disclosed Logitech.
“Upon detecting the incident, Logitech promptly took steps to investigate and respond to the incident with the assistance of leading external cybersecurity firms.”
Logitech says the data likely includes limited information about employees and consumers, as well as data relating to customers and suppliers, but the company does not believe hackers gained access to sensitive information such as national ID numbers or credit card information, as that data was not stored in the breached systems.
Should we be surprised about this statement? It says:
Logitech says that the breach occurred through a third-party zero-day vulnerability that was patched as soon as a fix was available.
But this is interesting.
While the company does not name the software vendor, the breach was likely caused by an Oracle zero-day vulnerability exploited by the Clop extortion gang in July data-theft attacks.
So were they breached through an Oracle product? This is interesting.
Clop has had some very significant breaches, and we’ve covered them through the years. I believe all of them have been through TSB’s running.
They include:
- 2020: Exploited a zero-day in the Accellion FTA platform, affecting nearly 100 organizations.
- 2021: Exploited a zero-day in SolarWinds Serv-U FTP software.
- 2023: Exploited a zero-day in the GoAnywhere MFT platform, breaching over 100 companies.
- 2024: Exploited two Cleo file transfer zero-days (CVE-2024-50623 and CVE-2024-55956) to steal data and extort companies.
Add this to their list as the article claims tons of data have been taken. But this paragraph talking about Oracle is quite interesting, as it says:
Other organizations impacted by the 2025 Oracle E-Business Suite data theft attacks include Harvard, Envoy Air, and The Washington Post.
Bleeping Computer reached out to the hardware and software maker and will provide updates if updates are passed along.
If you want to read the entire story, please read the Bleeping Computer article titled <a href="https://www.bleepingcomputer.com/news/security/logitech-confirms-data-breach-after-clop-extortion-attack/">Logitech confirms data breach after Clop extortion attack</a>.

The image is a ransom note from a group called “CLOP team.” They claim to have breached an Oracle E-Business Suite application, copied private files, and now hold the data. They offer to delete the data upon payment, threatening to sell it to black markets or publish it online if payment is not made. They provide email contacts, offer evidence by sharing files or data rows, and emphasize consequences like loss of reputation and financial harm. They promise technical advice, data deletion with proof, and confidentiality if paid.
Does this sound familiar to you? This is the ransomware note as Jaws GPT, as I call it, gives us.