Exclusive: WA-headquartered engineering firm Worley listed by Cl0p extortion gang

Local company with global footprint confirms investigation into Oracle-related incident, says no data compromised.

Worley, a company that describes itself as “the world’s largest provider of engineering, project and asset management solutions in the energy, chemicals and resources sectors,” was recently listed as one of a tranche of victims of the Cl0p cyber extortion operation.

The hackers were recently responsible for a wave of attacks exploiting a vulnerability in Oracle’s E-Business platform, and it appears Worley is one of dozens of victims impacted by Cl0p’s campaign.

Worley was listed on November 21 on Cl0p’s darknet leaksite, alongside 63 other victims, including carmaker Mazda, imaging giant Canon, and tyre company Michelin.

Cl0p did not disclose how much data it had acquired, nor its date of publication, saying only of Worley that “The company doesn't care about its customers, it ignored their security!!!”. This is Cl0p’s standard boilerplate for its leak posts.

Worley told Cyber Daily it has investigated its network in the wake of the Oracle compromise, but has found no evidence of any leaks.

“In October 2025, Oracle announced the active exploitation of a zero-day vulnerability in one of its products, which allowed unauthorised access to Oracle environments running the affected software. This incident affected numerous organisations that use this Oracle software,” a Worley spokesperson said.

“We promptly activated our incident response protocols and initiated a thorough investigation. This investigation includes external specialists and Oracle to assess any potential impact on Worley.

“So far, there is no evidence of any impact on our data. We are notifying relevant stakeholders as necessary and maintaining vigilance as our investigation continues.”

Worley has offices in Australia, where it is headquartered, as well as in Europe, China, the Middle East, the United States, and Central America.

Cyber security firm Mandiant first began warning of a “high volume” extortion campaign linked to Cl0p in early October, after it was revealed that the hackers had been emailing executives to pressure them to pay ransoms or have their data published.

“Mandiant and Google Threat Intelligence Group are actively tracking recent activity involving an actor claiming affiliation with the Clop extortion group,” Charles Carmakal, CTO at Mandiant – Google Cloud, said in October.

“We are currently observing a high-volume email campaign being launched from hundreds of compromised accounts, and our initial analysis confirms that at least one of these accounts has been previously associated with activity from FIN11, a long-running, financially motivated threat group known for deploying ransomware and engaging in extortion.

“The malicious emails contain contact information, and we’ve verified that the two specific contact addresses provided are also publicly listed on the Clop data leak site (DLS),” Carmakal said.

Two other Australian businesses have been impacted by Cl0p’s latest extortion campaign, with Ansell and Ausenco both listed by the hackers in the last month. Ausenco did not respond to Cyber Daily’s request for comment; however, Ansell did confirm that some of its data had been compromised in a disclosure to the Australian Stock Exchange.

“Ansell Limited advises it recently identified unauthorised access to certain sets of company data. There has been no disruption to operations,” the company said in its 14 October statement.

“The unauthorised access via licensed third-party software vulnerabilities was limited and did not impact the broader company environment. As soon as this was detected, we took immediate containment action.

“Initial findings indicate that a majority of the accessed data consisted of non-sensitive business information. A portion, however, does contain confidential transactional data or personally identifiable information.”

To date, Cl0p has claimed more than one thousand victims.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
