THREATOPS
THREAT OPSThreat News › ShinyHunters Targets Education Sector with Oracle PeopleSoft Exploit

ShinyHunters Targets Education Sector with Oracle PeopleSoft Exploit

lowmandiant_gtiPublished 2026-06-11

<div class="block-paragraph_advanced"><h3><span style="vertical-align: baseline;">Introduction</span></h3> <p><span style="vertical-align: baseline;">Mandiant and Google Threat Intelligence Group (GTIG) have identified an active compromise and extortion campaign attributed to UNC6240 (ShinyHunters) targeting Oracle PeopleSoft application infrastructure. The activity was observed between May 27, 20

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://cloud.google.com/blog/topics/threat-intelligence/shinyhunters-targets-education-sector-oracle-exploit/