Google Warns: Hackers Send Extortion Emails to Executives | Latest Cybersecurity News October 2, 2025

Google Warns: Hackers Target Executives with Extortion Emails

October 2, 2025 — Google has issued a critical cybersecurity warning, revealing that hackers are targeting top corporate executives with extortion emails. The attackers claim to have stolen sensitive data from Oracle E-Business Suite, threatening to leak it unless ransom demands are met. The campaign has been classified as “high-volume,” with dozens of compromised accounts being used to deliver the messages, according to Google’s Threat Intelligence Group and its subsidiary Mandiant.

The hackers allegedly linked themselves to the infamous Cl0p ransomware group, a cybercriminal syndicate known for large-scale extortion attacks. Google’s investigation revealed that the emails include contact details that match those published on Cl0p’s data leak site, suggesting a possible connection. However, Google emphasized that so far, there is no concrete evidence that the data theft claims are legitimate.

According to security researchers, the campaign began around September 29, 2025, and has already reached several multinational corporations. Hackers are suspected of exploiting compromised email accounts or abusing password reset mechanisms to impersonate legitimate communication.

In some reported cases, demands have been shockingly high. Cybersecurity firm Halcyon disclosed that one victim organization received a ransom demand of up to $50 million. Experts believe that such extortion tactics are not only about financial gain but also about creating public pressure and fear, forcing organizations into compliance.

The scale and direct targeting of executives make this campaign particularly dangerous. Unlike traditional ransomware attacks that infiltrate networks silently, this strategy seeks to directly intimidate decision-makers. By leveraging reputational risk, hackers aim to speed up ransom payments without engaging in lengthy negotiations.

Google and Mandiant are actively investigating the matter, analyzing whether Oracle’s infrastructure itself has been breached or if attackers are simply exploiting weak points in corporate email systems. So far, no confirmed compromise of Oracle’s own systems has been reported. Industry experts caution that even false claims can be harmful, as the perception of a breach may damage investor confidence and corporate credibility.

To mitigate risks, Google strongly urges organizations to enhance multi-factor authentication, audit Oracle E-Business Suite deployments, and monitor for unusual login activity. Companies are also advised to strengthen incident response plans, update staff awareness training, and collaborate with cybersecurity firms for rapid detection and remediation.

This latest campaign highlights the evolving nature of cybercrime. Hackers are no longer focusing only on infiltrating networks but are increasingly using psychological and reputational pressure to extort money. Experts warn that executives must remain vigilant and treat suspicious emails with extreme caution.

In conclusion, Google’s warning on October 2, 2025, underlines the urgent need for corporations worldwide to adopt stronger cybersecurity defenses. Whether or not the hackers’ claims are real, the incident demonstrates how cyber threats are evolving — and why proactive security measures are essential to protect both data and leadership.