The French-based telecommunications company Orange confirmed a source that suffered a ransomware incident that compromised the confidential information of at least 20 business customers. The French firm offers telecommunication services that offer consumer service for large companies, serving about 266 million users thanks to its 148,000 employees. The incident was revealed to members of the BleepingComputer platform.
The incident occurred on July 15, when the operators of the Nefilim ransomware posted some orange details in their database, claiming that the company was attacked through the networks of Orange Business Solutions, a division of the main company. After completing the attack, threat actors gained access to data from Orange Pro/SME customers.
“Between July 4 and 5, Orange teams detected a cyberattack; the IT team mobilized immediately to contain the infection and identify the source of the attack, as well as implement the necessary solutions to ensure the integrity of our networks,” the report sent to BleepingComputer, says.
Affected customers were notified as soon as possible, and the company continues to monitor their networks for any indication of suspicious activity.
“Le Forfait Informatique”, one of Orange’s affected platforms, allows business users to host cloud workstations, while outsourcing IT support for stations hosted on Orange services. Threat actors published a 339 MB file called ‘Orange_leak_part1.rar’, which could contain compromised business information.
Ransom Leaks, a platform dedicated to the analysis of information exposed in these types of incidents, states that the exposed file contains emails, aircraft plans and files from the French firm ATR Aircraft.
Ransomware infections are one of the most common attack variants, and criminals continue to evolve in their methods. A recent practice is to steal unencrypted information to expose it on hacking forums as a way to pressure victims to pay the ransom right away.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.