Oracle Cloud Hit by Massive Cyberattack, CloudSEK Warns of Supply Chain Crisis

In a potentially unprecedented digital heist, CloudSEK has uncovered what might be 2025’s largest supply chain attack targeting Oracle Cloud. Detected on March 21 via CloudSEK’s XVigil platform, threat actor “rose87168” is hawking 6 million records (including JKS files, encrypted passwords, and enterprise keys) stolen from Oracle Cloud’s SSO and LDAP systems. The breach, exploiting the login.(region-name).oraclecloud.com endpoint, impacts over 140,000 tenants globally. The sophisticated attacker is not only selling this sensitive data but also extorting affected organizations while seeking help to decrypt credentials. CloudSEK has issued urgent recommendations, including immediate credential rotation, forensic investigations, and enhanced security measures to mitigate what they’ve classified as a “High” severity incident.
