A 3D printed model of men working on computers are seen in front of displayed binary code and words "Hacker" in this illustration taken, July 5, 2021. REUTERS/Dado Ruvic/Illustration

Google says ShinyHunters hackers targeting education sector via Oracle exploit

11 Jun 2026, 20:35 · CNA · Join

Read a summary of this article on FAST.
Get bite-sized news via a new
cards interface. Give it a try.
Click here to return to FAST Tap here to return to FAST
FAST

June 11 : Alphabet's cybersecurity unit Mandiant and Google Threat Intelligence Group said Thursday they had identified an active compromise and extortion campaign targeting Oracle's PeopleSoft enterprise software, which they attributed to the hacking group ShinyHunters.

The campaign took place between May 27 and June 9, Google said in a blog.

PeopleSoft is an enterprise resource planning suite used by organizations to manage core business functions including human resources, finance and supply-chain operations.

After becoming aware of active scanning and exploitation, Google said it notified more than 100 organizations whose IP addresses correlated with potentially vulnerable endpoints. Most were based in the U.S., and 68 per cent were in the higher education sector.

CNA Games

Guess Word
Crack the word, one row at a time

Buzzword
Create words using the given letters

Mini Sudoku
Tiny puzzle, mighty brain teaser

Mini Crossword
Small grid, big challenge

Word Search
Spot as many words as you can
Show More
Show Less

Researchers found that the attackers hosted customized MeshCentral agents disguised as legitimate cloud endpoints, which were used to run administrative command queries.

As the activity occurred before Oracle issued a security advisory on June 10, the hackers were able to exploit the vulnerability as a "zero-day" flaw, meaning there was no patch available at the time of the attacks.

ShinyHunters is a hacking group with a history of targeting global companies for extortion. Last month, the group struck a deal with Instructure, the parent company of education tool Canvas, to secure stolen student and school data.

Newsletter

Week in Review

Subscribe to our Chief Editor’s Week in Review

Our chief editor shares analysis and picks of the week's biggest news every Saturday.

Sign up for our newsletters

Get our pick of top stories and thought-provoking articles in your inbox

Subscribe here

Get the CNA app

Stay updated with notifications for breaking news and our best stories

Download here

Get WhatsApp alerts

Join our channel for the top reads for the day on your preferred chat app

Join here