Technology

Google warns that ShinyHunters group is exploiting Oracle flaw to target education sector

Google said in a blog that the campaign primarily took place between May 27 and June 3

Published June 12, 2026
Make us preferred on Google
Google warns that ShinyHunters group is exploiting Oracle flaw to target education sector
Google warns that ShinyHunters group is exploiting Oracle flaw to target education sector

Google Threat Intelligence Group reportedly announced on Thursday that it had identified an extortion campaign targeting Oracle’s enterprise software. The company explicitly attributed the attack to the hacking group ShinyHunters.

Google clarified that it has already notified more than 100 organizations whose IP addresses were linked to potentially exposed endpoints.

Advertisement

It has been observed that most of the IP addresses were based in the US, and 68% belonged to the higher edition center.

According to researchers, the attackers hosted customized MeshCentral agents' disguised as legitimate endpoints which were then used to run administrative queries.

The hackers took full advantage of a “zero-day” flaw, which implies that there was no patch available at the time of the attack. It is worth mentioning that this malicious activity occurred before Oracle issued a major security advisory on June 10.

Earlier ShinyHunters attack also shows weaponization of education continuity, holding the academic progress of millions hostage.

Mandiant and GTIG being the two core pillars of Google Threat Intelligence said: “The attacker staging environments hosted customized MeshCentral agents masquerading as legitimate cloud endpoints, which they used to run administrative command queries and deploy a custom lateral movement and defacement script.”

It further resulted in a data breach, and thousands of students have been unable to access their major education materials.

ShinyHunters is a hacking group with a history of targeting prominent companies. Most importantly, the group attempted to strike a deal with Instructure, after stealing teacher and student data.

Ruqia Shahid
Ruqia Shahid is a reporter specialising in science, focusing on discoveries, research developments, and technological advancements. She translates complex scientific concepts into clear, engaging stories, helping readers understand the latest innovations and their real-world impact through accurate, accessible, and insight-driven reporting.
Share this story: