Stratos Ally

Orange Telecom Targeted in Cyberattack: 12,000 Internal Files Leaked

StratosAlly

Orange Group, a prominent French telecommunications company, has confirmed a data breach after a hacker going by the alias Rey, associated with the HellCat ransomware group, claimed to have stolen thousands of internal documents containing user records and employee data.  

Talking about the ‘Why?’ 

Rey tried to extort Orange and, after the unsuccessful attempt, posted the stolen details publicly on a hacker forum. While Rey is affiliated with the HellCat ransomware group, it was confirmed that this was an individual heist and not a ransomware attack by the group. The HellCat group has a history of targeting companies like Schneider Electric and Telefónica, often exploiting Jira servers. 

What’s at stake? 

Orange confirmed that the breach affected their Romania branch. However, the affected application is a non-critical one. 

A total of 6.5GB of data across 12,000 files was siphoned off, including 38,000 unique email addresses, source code, contracts, projects, invoices, tickets, employee information, and user data, along with classified files outlining future project plans.

The silver lining: some of the leaked data (email addresses, customer names, and subscription services) was verified to be outdated. In a few cases, the partial payment card information was also expired.

Coming to the ‘How?’ 

The malicious actor stated that they had access to the organization’s systems for over a month prior to the exfiltration. The threat actor used compromised credentials and exploited vulnerabilities in Orange’s Jira software (an issue and project tracking tool) and internal portals to gain access and exfiltrate data. The attack was carried out on Sunday over a period of three hours and was surprisingly not detected by any security system.
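A multi-gigabyte transfer confined to a three-hour Sunday window is the kind of burst a per-account sliding-window volume check can surface. The sketch below is an added example, not code from Orange or from the article's sources; the log layout, account names, sizes and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: "<ISO timestamp> <account> <bytes sent to client>".
# The layout and account names are assumptions, not Orange's or Jira's log format.
SAMPLE_LOG = """\
2024-06-05T10:02:00 build-bot 400000000
2024-06-05T10:40:00 build-bot 500000000
2024-06-09T01:05:00 svc-jira 600000000
2024-06-09T01:50:00 svc-jira 700000000
2024-06-09T02:40:00 svc-jira 900000000
2024-06-09T03:55:00 svc-jira 800000000
2024-06-09T09:00:00 alice 20000000
"""

WINDOW = timedelta(hours=3)
WEEKDAY_LIMIT = 5_000_000_000   # assumed per-account byte budget per window
WEEKEND_LIMIT = 1_000_000_000   # tighter: little legitimate use expected


def parse(line):
    ts, account, size = line.split()
    return datetime.fromisoformat(ts), account, int(size)


def find_bulk_egress(log_text, window=WINDOW):
    """Return [(account, window_start, window_end, total_bytes)], one per burst."""
    recent = defaultdict(deque)   # account -> (timestamp, bytes) still in window
    totals = defaultdict(int)     # account -> bytes currently inside the window
    alerting = set()              # accounts already reported for this burst
    alerts = []
    records = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, account, size in records:
        q = recent[account]
        q.append((ts, size))
        totals[account] += size
        while q[0][0] < ts - window:          # drop records older than the window
            totals[account] -= q.popleft()[1]
        # Saturday/Sunday use the lower budget, so the same volume that is
        # normal on a workday stands out at the weekend.
        limit = WEEKEND_LIMIT if ts.weekday() >= 5 else WEEKDAY_LIMIT
        if totals[account] > limit:
            if account not in alerting:       # suppress repeats within one burst
                alerting.add(account)
                alerts.append((account, q[0][0], ts, totals[account]))
        else:
            alerting.discard(account)
    return alerts
```

On the constructed sample, only `svc-jira` is flagged, at the second Sunday record; the same volume on a weekday stays under the weekday budget, which is why the weekend baseline matters.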

What’s Next? 

Orange stated that it is investigating the breach to understand its extent and is working to minimize its impact. It also emphasized that customer operations were unaffected, as the breach targeted a non-critical back-office application. The company has pledged to provide regular updates, comply with legal obligations, and cooperate with authorities.

This incident underscores the importance of strong security controls and vulnerability management in telecom companies, as these often maintain vast amounts of personal and financial data. With the rising incidents of cybercriminals targeting data-intensive industries, the telecom sector remains a prime target for malicious actors seeking valuable information. 
