THREAT OPS › Threat News › ShinyHunters Targets Education Sector with Oracle PeopleSoft Exploit
ShinyHunters Targets Education Sector with Oracle PeopleSoft Exploit
<div class="block-paragraph_advanced"><h3><span style="vertical-align: baseline;">Introduction</span></h3> <p><span style="vertical-align: baseline;">Mandiant and Google Threat Intelligence Group (GTIG) have identified an active compromise and extortion campaign attributed to UNC6240 (ShinyHunters) targeting Oracle PeopleSoft application infrastructure. The activity was observed between May 27, 20
MITRE ATT&CK techniques
Indicators of compromise
- 50ac0ffbc9ecf4559949faa026a412c9bb57e81d3ae0714a4dcd25b4fec35105sha256
- 2ab684d93c1553fad87041b4dea97188a97e78589deee2a7bacff905564f3a35sha256
- f02a924c9ff92a8780ce812511341182c6b509d45bc59f3f7b522e37225d24fcsha256
- d83fdb9e53c5ff03c4cb0451ea1bebd79b53f29eadc1e2fa394c7af13a86ce2fsha256
- c7e9332731b06644fc73e0046a2a89eaa59b09f54250e9bd622467187351711fsha256
- 68257a6f9ff196179ec03624e849927f26599eb180a7c82e14ef5bc4e93bc309sha256
- CVE-2026-35273cve
- https://www.oracle.com/security-alerts/alert-cve-2026-35273.htmlurl
- https://www.virustotal.com/gui/collection/50ac0ffbc9ecf4559949faa026a412c9bb57e81d3ae0714a4dcd25b4fec35105url
- 142.11.200.186ipv4
- 142.11.200.187ipv4
- 142.11.200.188ipv4
- 142.11.200.189ipv4
- 142.11.200.190ipv4
- 176.120.22.24ipv4
- azurenetfiles.netdomain