FWIW, that doesn't appear to be a "hasty rebrand" - Oracle has had this distinction for a long time.
https://docs.oracle.com/en/cloud/saas/enterprise-performance...
The hacker has demonstrated that they have/had write access to URLs under login.us2.oraclecloud.com. It's incredibly disingenuous on Oracle's part to claim that this is not "Oracle Cloud".