#clop

#clop

The cybercriminal gang, which in recent months has targeted organizations using an Oracle E-Business Suite (EBS) exploit, added the NHS to its leak site on November 11, but has yet to publish any data. Clop simply lists the NHS.uk domain, but does not specify which of the myriad branches of the UK's healthcare system it breached. It also listed the NHS's revenue as $234 billion, which appears to be a crude calculation taken from the Department of Health and Social Care's budget.

Google's Threat Intelligence Group (GTIG) and Mandiant are tracking the "high-volume" activity, which began last month, and are investigating whether there is any truth to the attackers' boasts. In a statement to The Register, Genevieve Stark, head of cybercrime and information operations intelligence analysis at GTIG, said: "This activity began on or before September 29, 2025, but Mandiant's experts are still in the early stages of multiple investigations, and have not yet substantiated the claims made by this group."