The Cl0p ransomware group has claimed responsibility for infiltrating Broadcom’s internal systems as part of an ongoing exploitation campaign targeting Oracle E-Business Suite vulnerabilities.
The hack uses a critical zero-day vulnerability (CVE-2025-61882) rated 9.8 on the CVSS scale, allowing attackers to execute arbitrary code without authentication.
Broadcom, a major semiconductor and infrastructure software provider, becomes the latest high-profile victim in a massive extortion campaign that began in late September 2025.
The threat actors claim to have accessed internal enterprise resource planning (ERP) archives, design documentation, and sensitive semiconductor records.
Given Broadcom’s influence across telecommunications, data centers, and AI accelerator manufacturing, the potential exposure of internal documentation raises concerns for supply chain integrity and partner ecosystems.
Security researchers from Google Threat Intelligence Group and Mandiant traced the underlying breach activity back to July 10, 2025, with confirmed exploitation beginning August 9, 2025, weeks before Oracle released patches.
The Cl0p group gathered information and moved through victim networks before starting a coordinated email blackmail campaign in September, hitting executives at many companies at the same time.

The attack exploited Oracle E-Business Suite’s Business Intelligence Publisher integration within the Concurrent Processing component, granting attackers complete system control.
Cl0p supplemented the zero-day with additional previously patched vulnerabilities to maximize its foothold across enterprise networks.
The broader campaign has reportedly compromised at least 29 organizations, according to recent postings on the Cl0p data-leak site.
The attackers used hacked third-party email accounts purchased from infostealer markets to bypass spam filters and make their extortion emails appear more believable.
Oracle released emergency patches in October 2024, though organizations running older E-Business Suite versions remain vulnerable if patches haven’t been applied.
Security experts recommend immediate patching and enhanced monitoring for suspicious POST requests to the /OA_HTML/SyncServlet endpoints, which are high-fidelity compromise indicators.
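One way to run the monitoring recommended above over web-tier access logs, as an added example that is not from the article or from Oracle. It assumes Apache/NGINX "combined" log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Path the article names as a high-fidelity indicator (compared lowercased).
INDICATOR_PATH = "/oa_html/syncservlet"

# Assumed log layout: Apache/NGINX "combined" format. Adjust for your web tier.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def normalize_path(target):
    """Reduce a request target to a canonical lowercase path for matching."""
    path = target.split("?", 1)[0]       # drop the query string
    for _ in range(2):                   # undo single and double percent-encoding
        path = unquote(path)
    path = path.split(";", 1)[0]         # drop path parameters such as ;jsessionid
    return re.sub(r"/+", "/", path).lower()

def find_syncservlet_posts(lines):
    """Return {source_ip: [(timestamp, status, raw_target), ...]} for POSTs to the indicator path."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Prefix match on purpose: the article speaks of "endpoints", plural.
        if normalize_path(m["target"]).startswith(INDICATOR_PATH):
            hits[m["ip"]].append((m["ts"], int(m["status"]), m["target"]))
    return dict(hits)

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Aug/2025:03:12:44 +0000] "GET /OA_HTML/AppsLocalLogin.jsp HTTP/1.1" 200 5120 "-" "-"
198.51.100.7 - - [10/Aug/2025:03:13:01 +0000] "POST /OA_HTML/SyncServlet HTTP/1.1" 200 312 "-" "-"
198.51.100.7 - - [10/Aug/2025:03:13:05 +0000] "POST /OA_HTML/%53yncServlet?x=1 HTTP/1.1" 200 298 "-" "-"
192.0.2.10 - - [10/Aug/2025:03:14:20 +0000] "GET /OA_HTML/SyncServlet HTTP/1.1" 404 0 "-" "-"
203.0.113.5 - - [10/Aug/2025:03:15:09 +0000] "POST //oa_html/syncservlet;v=1 HTTP/1.1" 500 0 "-" "-"
""".splitlines()

if __name__ == "__main__":
    for ip, events in find_syncservlet_posts(SAMPLE_LOG).items():
        for ts, status, target in events:
            print(f"{ip}  {ts}  status={status}  {target}")
```

Any hit is worth triage against the patch date for that host, since the article places confirmed exploitation before Oracle's fixes were available.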
A Broadcom spokesperson told Cybersecuritynews.com that “Broadcom uses Oracle’s E-Business Suite for certain internal corporate financial operations. Like many other organizations that use this software, Broadcom has been targeted by cybercriminals who have exploited zero-day vulnerabilities in the Oracle product. Broadcom has forensically examined and patched our Oracle system to remediate the vulnerabilities.”
“Broadcom operations are unaffected, and we are confident in the integrity of our financial data. If any of the limited types of data processed in Oracle are unlawfully disclosed, we do not expect it to pose significant risk to any of our customers, vendors, partners, or employees.”