A hacker claims to have stolen 1000’s of inside paperwork with person data and worker knowledge after breaching the programs of Orange Group, a number one French telecommunications operator and digital service supplier.
The risk actor printed on a hacker discussion board particulars concerning the stolen knowledge after making an attempt to extort the corporate unsuccessfully.
Orange confirmed the breach to BleepingComputer saying that it occurred on a non-critical utility. The corporate intiated an investigation and is working to attenuate the affect of the incident.
In accordance with the risk actor, who makes use of the alias Rey and is a member of the HellCat ransomware group, the stolen knowledge is usually from the Romanian department of the corporate and consists of 380,000 distinctive e mail addresses, supply code, invoices, contracts, buyer and worker info.
Rey informed BleepingComputer that the breach was not a HellCat ransomware operation and that that they had entry to Orange’s programs for over a month.
On Sunday morning, they began exfiltrating firm knowledge and the exercise ran for about three hours with out the corporate detecting it.
Some samples shared with BleepingComputer present e mail addresses from former and present Orange Romania workers, companions, and contractors, together with partial particulars for cost playing cards belonging to Romanian prospects.
Among the knowledge we verfied was fairly previous. As an illustration, among the e mail addresses had been utilized by people that had labored or collaborated with Orange Romania greater than 5 years in the past.
Within the pattern with partial cost card info, we discovered many cases the place the information had expired. The leak additionally incorporates e mail addresses and names of Yoxo prospects, Orange’s subscription service with no contract interval.
Rey says that they stole nearly 12,000 recordsdata totaling shut to six.5GB after compromising Orange’s programs by exploiting compromised credentials, and vulnerabilities within the firm’s Jira software program for bug/situation monitoring, and inside portals.
supply: Rey
The risk actor informed us they dropped a ransom be aware on the compromised system however Orange didn’t provoke negotiations.
BleepingComputer reached out to each Orange Group and Orange Romania with a request for remark and the corporate stated they had been wanting into the matter.
A joint assertion was shared and an Orange spokesperson informed us that they have been discussing internally on the incident and the steps to mitigate it.
“Orange can verify that our operations in Romania have been the goal of a cyberattack,” an organization consultant informed BleepingComputer.
“We took quick motion, and our prime precedence stays defending the information and pursuits of our workers, prospects and companions. There was no affect on prospects’ operations, and the breach was discovered to happen on a non-critical again workplace utility” – Orange
The corporate consultant stated their “cybersecurity and IT groups are working arduous to evaluate the extent of the breach and reduce the affect of this incident.”
“We’re dedicated to offering common updates. Moreover, we’re dedicated to complying with all authorized obligations related to such incidents and we’re cooperating with the related authorities to handle this matter,” reads the remainder of the assertion.
Rey informed us they breached Orange independently however they’re a part of the HellCat ransomware group, which has claimed assaults on Schneider Electrical and Spanish telecommunications firm Telefónica.
In each breaches, the hackers focused Jira servers and scraped or stole 40GB of knowledge and a couple of.5GB of paperwork respectively.