Sydney engineering firm targeted in cyber extortion campaign

Organisation targeted through Oracle software vulnerability exploitation

By Roxanne Libatique

Worley – a Sydney-based provider of engineering and project management services to the energy, chemicals, and resources sectors – has been identified as a victim of the Cl0p cyber extortion operation. The listing occurred following a coordinated campaign targeting organisations using Oracle E-Business Suite software vulnerable to exploitation.

Incident scope and Worley’s response

According to a report by cyberdaily, the engineering firm appeared on Cl0p’s darknet leak site on Nov. 21, positioned among 63 other affected organisations including automotive and industrial manufacturers. Cl0p typically uses such public listings as pressure tactics to compel ransom payments, although the group has not disclosed the volume or sensitivity of any obtained data.

Worley initiated investigation protocols following Oracle’s October 2025 public disclosure of zero-day vulnerability exploitation affecting multiple enterprise environments. The company engaged external cybersecurity specialists and coordinated directly with Oracle to determine whether systems had been compromised.

“We promptly activated our incident response protocols and initiated a thorough investigation. This investigation includes external specialists and Oracle to assess any potential impact on Worley. So far, there is no evidence of any impact on our data. We are notifying relevant stakeholders as necessary and maintaining vigilance as our investigation continues,” a Worley spokesperson said, as reported by cyberdaily.

Worley maintains operational locations across Australia, Europe, China, the Middle East, the US, and Central America, suggesting potential international implications of any successful intrusion.

Parallel exposures within Australian market

The incident reflects a pattern affecting domestic entities. Ansell, a publicly listed medical device manufacturer, disclosed in October that unauthorised system access had occurred through third-party software vulnerabilities. The company characterised the intrusion as controlled, stating that “the unauthorised access via licensed third-party software vulnerabilities was limited and did not impact the broader company environment.” Ansell noted that captured information contained “non-sensitive business information” alongside some confidential and personally identifiable records. Engineering consultancy Ausenco was similarly listed by Cl0p in relation to the same campaign but has not publicly commented on the incident.

Broader breach landscape and causation patterns

Beyond these specific incidents, the national breach environment reveals significant cyber risk exposure. The Office of the Australian Information Commissioner (OAIC) recorded 532 data breach notifications during the January–June 2025 period, marking a 10% decline from prior months while maintaining historically elevated levels. Malicious attack vectors represented 59% of reported breaches, with incidents affecting an average of just over 10,000 individuals per event.

Sectoral distribution identified health organisations at 18% of breaches, financial services at 14%, and government agencies at 13%. Human error emerged as a significant causation factor, driving 37% of incidents compared to 29% previously.

Cyber risk prominence in enterprise planning

Aon plc’s 2025 Global Risk Management Survey, derived from approximately 3,000 executive participants across 63 countries, identified cyberattacks and data breaches as the predominant risk concern for Australian and New Zealand businesses. Ninety-three percent of local respondents indicated established cyber risk review processes.

Adam Peckman, Aon’s global head of cyber risk consulting and APAC Cyber Solutions leader, commented: “Cyber threats are no longer confined to data breaches – they have evolved into systemic business risks that can disrupt operations, supply chains, and reputations. Quantifying cyber exposure through analytics gives organisations the visibility to prioritise investments, reduce loss potential, and strengthen resilience at an enterprise level.”
