June 11 (Reuters) - Alphabet's ⁠cybersecurity unit Mandiant and Google Threat Intelligence Group ⁠said Thursday they had identified an active compromise ‌and extortion campaign targeting Oracle's PeopleSoft enterprise software, which they attributed to the hacking group ShinyHunters.

The campaign took place between May 27 ​and June 9, Google said in ⁠a blog.

PeopleSoft is an ⁠enterprise resource planning suite used by organizations to manage core ⁠business ‌functions including human resources, finance and supply-chain operations.

After becoming aware of active scanning and ⁠exploitation, Google said it notified more than 100 ​organizations whose ‌IP addresses correlated with potentially vulnerable endpoints. Most were ⁠based in ​the U.S., and 68% were in the higher education sector.

Researchers found that the attackers hosted customized MeshCentral agents disguised ⁠as legitimate cloud endpoints, which were ​used to run administrative command queries.

As the activity occurred before Oracle issued a security advisory on June 10, the ⁠hackers were able to exploit the vulnerability as a "zero-day" flaw, meaning there was no patch available at the time of the attacks.

ShinyHunters is a hacking group ​with a history of targeting global ⁠companies for extortion. Last month, the group struck a deal ​with Instructure, the parent company ‌of education tool Canvas, to ​secure stolen student and school data.

(Reporting by Juby Babu in Mexico City; Editing by Arun Koyyur)