Orange, a telecom company with 148k employees, infected by ransomware

The French-based telecommunications company Orange confirmed a source that suffered a ransomware incident that compromised the confidential information of at least 20 business customers. The French firm offers telecommunication services that offer consumer service for large companies, serving about 266 million users thanks to its 148,000 employees. The incident was revealed to members of the BleepingComputer platform.

The incident occurred on July 15, when the operators of the Nefilim ransomware posted some orange details in their database, claiming that the company was attacked through the networks of Orange Business Solutions, a division of the main company. After completing the attack, threat actors gained access to data from Orange Pro/SME customers.

Esta imagen tiene un atributo ALT vacío; su nombre de archivo es orange17072020.jpg
SOURCE; BleepingComputer

“Between July 4 and 5, Orange teams detected a cyberattack; the IT team mobilized immediately to contain the infection and identify the source of the attack, as well as implement the necessary solutions to ensure the integrity of our networks,” the report sent to BleepingComputer, says.  

Affected customers were notified as soon as possible, and the company continues to monitor their networks for any indication of suspicious activity.

“Le Forfait Informatique”, one of Orange’s affected platforms, allows business users to host cloud workstations, while outsourcing IT support for stations hosted on Orange services. Threat actors published a 339 MB file called ‘Orange_leak_part1.rar’, which could contain compromised business information.

Ransom Leaks, a platform dedicated to the analysis of information exposed in these types of incidents, states that the exposed file contains emails, aircraft plans and files from the French firm ATR Aircraft.

Ransomware infections are one of the most common attack variants, and criminals continue to evolve in their methods. A recent practice is to steal unencrypted information to expose it on hacking forums as a way to pressure victims to pay the ransom right away.