The campaign took place between May 27 and June 9, Google said in a blog [File]
| Photo Credit: REUTERS
Alphabet’s cybersecurity unit Mandiant and Google Threat Intelligence Group said Thursday they had identified an active compromise and extortion campaign targeting Oracle’s PeopleSoft enterprise software, which they attributed to the hacking group ShinyHunters.
The campaign took place between May 27 and June 9, Google said in a blog.
PeopleSoft is an enterprise resource planning suite used by organisations to manage core business functions including human resources, finance and supply-chain operations.
After becoming aware of active scanning and exploitation, Google said it notified more than 100 organisations whose IP addresses correlated with potentially vulnerable endpoints. Most were based in the U.S., and 68% were in the higher education sector.
Researchers found that the attackers hosted customised MeshCentral agents disguised as legitimate cloud endpoints, which were used to run administrative command queries.
As the activity occurred before Oracle issued a security advisory on June 10, the hackers were able to exploit the vulnerability as a “zero-day” flaw, meaning there was no patch available at the time of the attacks.
ShinyHunters is a hacking group with a history of targeting global companies for extortion. Last month, the group struck a deal with Instructure, the parent company of education tool Canvas, to secure stolen student and school data.
Published – June 12, 2026 11:54 am IST
Click Here For The Original Source.