Sato Corporation this week started notifying victims of an October 2025 data breach that compromised names, email addresses, postal addresses, telephone numbers, and customer accounts.
Sato said hackers exploited a zero-day vulnerability in the Oracle E-Business Suite software, which large enterprises use to manage finances and human resources. Sato said the infected system contained orders, shipping and delivery info, and accounts receivable and payable. It does not include passwords or product info.
Ransomware group Clop (“Cl0p”) took credit for the breach in a post on its data leak site. Clop recently claimed responsibility for a spate of data breaches that exploited the same Oracle vulnerability.
Sato has not verified Clop’s claim. We do not know if SATO did or will pay a ransom, how much Clop demanded, or how attackers breached the company’s network. Comparitech contacted SATO for comment and will update this article if it replies.
“At 09:35 AM (UTC) on Sunday, October 12, 2025, we received a report from the service provider managing our cloud service environment that a cyberattack had exploited a zero-day vulnerability (CVE-2025-61882) in Oracle E-Business Suite,” says Sato’s notice (PDF) to victims.
“Preparation for the attack was detected in early July 2025, and the initial intrusion occurred in August 2025. During this time, unauthorized access was gained, and confidential information may have been exfiltrated.”
Sato says the attack affected its businesses in Japan, the USA, Singapore, Malaysia, Europe, and the UK.
Who is Clop?
Clop, or Cl0p, is a high-profile ransomware group that first surfaced in 2019. It specializes in exploiting zero-day software vulnerabilities, most recently in Oracle’s E-Business Suite and the Cleo file transfer software. Cl0p targets any organization using the vulnerable software. Like some other ransomware groups, Clop doesn’t always encrypt files. Instead, Clop steals data and then demands a ransom to not publish or sell it.
Clop has taken credit for 384 attacks so far this year, 11 of which have been confirmed by the targeted organizations.
In addition, Cl0p says it hacked these nine organizations that all cited the Oracle vulnerability in their breach disclosures:
- Harvard University
- Wits University
- Envoy Air
- Ansell Limited
- The Washington Post
- GlobalLogic
- Hampton Roads Sanitation District
- David Yurman Enterprises
Ransomware attacks on manufacturers
Comparitech researchers have logged 137 confirmed ransomware attacks on manufacturers in 2025 to date, plus 1,093 unconfirmed claims that haven’t been publicly acknowledged by the targeted organizations. The average ransom demand is $1.39 million.
The largest such breach hit another Japanese company, Nippon Ceramic, which notified 38,500 people in the wake of an April 2025 attack claimed by NightSpire.
The largest ransom was also demanded from a Japanese company. Elematec Corporation said personal data was compromised after ransomware group Devman demanded $10 million in May 2025.
Ransomware attacks on manufacturers can steal data and lock down computer systems. In Clop’s case, it might just be the former. Data extortion forces businesses to pay a ransom for the ransomware gang to delete the stolen data. If the company doesn’t pay, then the ransomware group sells or publicly releases the data.
About Sato Corporation
Sato Corporation ($6287.T) makes printers, hand labelers, stickers, labels, magnetic cards, IC tags, tickets, and software for other businesses. It employs nearly 6,000 people around the world, according to external sources.
