Hackers claim Orange attack, threaten to leak 1TB of data
It is the second attack on Orange in less than a month

- Ransomware operator Babuk adds Orange to its data leak site
- The group claims to have broken into Orange in mid-March 2024, stealing sensitive data
- Researchers believe there is merit to the claims
Telecom giant Orange has reportedly again been hit by a ransomware attack after cybercriminal organization Babuk posted a data sample on its website, claiming proof of a successful breach at the company.
Orange, however, claims that these aren't two separate attacks.
The group claims to have broken into Orange on Sunday, March 16, stealing “all information related to orange.com and orange.ro from Romania.”
“We will publish 1TB if they do not want to negotiate with us,” Babuk apparently said on its website. “And there is still a lot more that we stole, the sample is not much.”
"Very detailed information"
Babuk is not as popular as LockBit or RansomHub, but it’s still a major ransomware player, which has allegedly claimed 60 victims this year alone. It’s been around for years, although with long periods of inactivity.
If the group is telling the truth, it stole 4.5TB of “very detailed information”, including email addresses, customer records, source code, internal documents, invoices, contracts, projects, tickets, user data, employee data, messages, credit cards, call logs, and other personally identifiable information (PII).
Researchers from Cybernews reviewed the sample posted on the website and say the claims “might be credible.”
“The threat actor uploaded a 6.44GB Orange data sample with thousands of Orange internal documents,” Cybernews explained. “Some files include employee data, like names, usernames, email addresses, and time zones, as well as a list of various Jira projects related to the Orange.ro domain.”
In late February, Orange Group confirmed it had suffered a cyberattack, but said at the time it was still looking into claims of valuable data being stolen. This attack was claimed by a member of the HellCat ransomware operation, who also stole data belonging to Orange Romania.
Now, Orange says that the new claims are a "simple republication" of the previous leak.
“According to news published on 16 March, an attacker is claiming to have exfiltrated data related to orange.com and orange.ro. This follows an initial attack claim made public on February 23," an Orange spokesperson told TechRadar Pro in an email statement.
“After a detailed analysis, Orange can confirm that there has been no new attack, compromise or ransomware request on the Orange group’s IT systems, including orange.com. This latest publication seems to be a simple republication of a previously publicized leak concerning Orange Romania."
"No impact"
“Regarding this previous attack, Orange has already confirmed that a non-critical, internal ticketing application for our B2C operations in Romania was targeted. Immediate measures have been taken to prioritize the protection of our employees', customers', and partners' data. There has been no impact on the services provided to customers. There has been no new attack on our operations in Romania," the spokesperson continued.
"The incident involves a non-critical back-office application from which an unauthorized third party managed to extract data, which was then disseminated on a specialized site. Access to this application has been strengthened and is under increased monitoring."
“The incident has been reported to the Romanian authorities, including the national data protection authority (ANSPDCP), within the regulatory timeframe and we are working closely with the National Cyber Security Directorate in Romania.
Investigations are ongoing to clarify the impacts of this incident. Communication is underway with the affected Romanian customers.”
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

















