答案已發布32 來源
黑客集團 ShinyHunters 轉玩「零日漏洞」 血洗全球過百間大學 PeopleSoft 系統
ShinyHunters 喺 2026 年 6 月利用 Oracle PeopleSoft 漏洞發動數據竊取同勒索攻擊,聲稱超過 100 間機構中招,當中最少包括諾定咸大學,被偷走超過 40GB 嘅敏感資料 [1][2][3][5]。 黑客利用「小工具鏈(gadget chain)」混合已知同零日漏洞入侵 PeopleSoft,放棄咗佢哋一路沿用嘅身份盜用同語音釣魚戰術,但 Oracle 至今仲未公開回應 [3][4][5]。
54K0
AI 提示
openai.comCreate a landscape editorial hero image for this Studio Global article: What did the cybercrime group ShinyHunters do to Oracle PeopleSoft servers, how many organizations were affected, what vulnerability chain d. Article summary: Here is a comprehensive breakdown of the ShinyHunters Oracle PeopleSoft campaign based on reporting from BleepingComputer, TechCrunch, Huntress, SOC Defenders, and others.. Topic tags: general, general web, user generated. Reference image context from search candidates: Reference image 1: visual subject "ShinyHunters Claims Breach of 100+ Oracle PeopleSoft Servers. Notorious hacking gang targets enterprise HR systems at universities and organizations. ShinyHunters says it's comprom" source context "ShinyHunters Claims Breach of 100+ Oracle PeopleSoft Servers" Reference image 2: visual subject "May be an image of screen, signboard and text that says 'ORACI ORACL
惡名昭彰嘅數據勒索集團 ShinyHunters 喺 2026 年 6 月初,利用 Oracle PeopleSoft 平台嘅零日漏洞發動大規模攻擊,偷走咗超過 100 間機構嘅資料,當中大部分係大學,被洩露嘅數據包括學生紀錄、移民檔案同財務資料 。呢次攻擊手法一反常態,放棄佢哋之前一直用開嘅「語音釣魚(vishing)」劇本,轉向大規模漏洞利用,為高等教育界嘅供應鏈安全敲響咗警號。
攻擊經過:PeopleSoft 遭大規模入侵
2026 年 6 月初,ShinyHunters 向多間新聞機構確認,佢哋已經成功滲透咗超過 100 間機構嘅 Oracle PeopleSoft 系統,包括雲端同內部部署(on-premises)嘅版本 。呢個黑客集團聲稱,總共入侵咗超過 300 個獨立嘅 PeopleSoft 系統執行個體(instances)
。
Studio Global AI
Search, cite, and publish your own answer
Use this topic as a starting point for a fresh source-backed answer, then compare citations before you share it.
人們還問
「黑客集團 ShinyHunters 轉玩「零日漏洞」 血洗全球過百間大學 PeopleSoft 系統」的簡短答案是什麼?
ShinyHunters 喺 2026 年 6 月利用 Oracle PeopleSoft 漏洞發動數據竊取同勒索攻擊,聲稱超過 100 間機構中招,當中最少包括諾定咸大學,被偷走超過 40GB 嘅敏感資料 [1][2][3][5]。
首先要驗證的關鍵點是什麼?
ShinyHunters 喺 2026 年 6 月利用 Oracle PeopleSoft 漏洞發動數據竊取同勒索攻擊,聲稱超過 100 間機構中招,當中最少包括諾定咸大學,被偷走超過 40GB 嘅敏感資料 [1][2][3][5]。 黑客利用「小工具鏈(gadget chain)」混合已知同零日漏洞入侵 PeopleSoft,放棄咗佢哋一路沿用嘅身份盜用同語音釣魚戰術,但 Oracle 至今仲未公開回應 [3][4][5]。
接下來在實務上我該做什麼?
呢次係 ShinyHunters 喺 2026 年內針對教育界嘅第三波大型攻擊,之前已經發生過 Canvas/Instructure(聲稱涉及 2.75 億筆紀錄)同 Salesforce Experience Cloud 漏洞利用事件,顯示佢哋嘅攻擊規模同手法都喺度急速升級 [1][2][4]。
來源
- socdefenders.aiOracle PeopleSoft servers hacked in ShinyHunters data ...
- bleepingcomputer.comOracle PeopleSoft servers hacked in ShinyHunters data theft attacks
- techcrunch.comCybercriminals claim breach of Oracle PeopleSoft servers at 100-plus organizations
- bleepingcomputer.comOxford University discloses data breach after careers platform hack
- theguardian.comCanvas platform strikes deal with hackers to delete students' stolen data
Loading comments...
Comments
0 comments