ShinyHunters linked to exploitation of critical flaw in Oracle PeopleSoft

A zero-day vulnerability in Oracle PeopleSoft has been exploited in a widespread cyberattack campaign linked to the ShinyHunters threat group, according to a report released Thursday by Mandiant.

Mandiant, the incident response unit of Google, has notified more than 100 global organizations that might have been affected in the attacks. Most of the organizations were in the U.S., and more than two-thirds of them were colleges and universities.

One of those struck was the University of Nottingham, which said a “significant amount of data” in its student records was compromised.

"This is now the subject of a criminal investigation,” a spokesperson told Cybersecurity Dive. “We are working with the third party that maintains the platform to investigate and we will continue to support the police with their enquiries.”

The Cybersecurity and Infrastructure Security Agency on Friday added the flaw to its Known Exploited Vulnerabilities catalog and confirmed it has been used in ransomware attacks. Federal Civilian Executive Branch agencies have until Monday to remediate the vulnerability.