A hacker claims to have stolen hundreds of inner paperwork with consumer information and worker knowledge after breaching the programs of Orange Group, a number one French telecommunications operator and digital service supplier.
The risk actor printed on a hacker discussion board particulars concerning the stolen knowledge after making an attempt to extort the corporate unsuccessfully.
Orange confirmed the breach to BleepingComputer saying that it occurred on a non-critical software. The corporate intiated an investigation and is working to reduce the impression of the incident.
Based on the risk actor, who makes use of the alias Rey and is a member of the HellCat ransomware group, the stolen knowledge is usually from the Romanian department of the corporate and contains 380,000 distinctive e mail addresses, supply code, invoices, contracts, buyer and worker data.
Rey advised BleepingComputer that the breach was not a HellCat ransomware operation and that they’d entry to Orange’s programs for over a month.
On Sunday morning, they began exfiltrating firm knowledge and the exercise ran for about three hours with out the corporate detecting it.
Some samples shared with BleepingComputer present e mail addresses from former and present Orange Romania staff, companions, and contractors, together with partial particulars for fee playing cards belonging to Romanian clients.
A few of the knowledge we verfied was fairly outdated. For example, a number of the e mail addresses had been utilized by people that had labored or collaborated with Orange Romania greater than 5 years in the past.
Within the pattern with partial fee card data, we discovered many situations the place the info had expired. The leak additionally incorporates e mail addresses and names of Yoxo clients, Orange’s subscription service with no contract interval.
Rey says that they stole virtually 12,000 information totaling shut to six.5GB after compromising Orange’s programs by exploiting compromised credentials, and vulnerabilities within the firm’s Jira software program for bug/concern monitoring, and inner portals.
supply: Rey
The risk actor advised us they dropped a ransom observe on the compromised system however Orange didn’t provoke negotiations.
BleepingComputer reached out to each Orange Group with a request for remark and the corporate mentioned they had been trying into the matter. Whereas Orange Romania didn’t reply with an official assertion, an Orange spokesperson advised us that they have been discussing internally on the incident and the steps to mitigate it.
“Orange can affirm that our operations in Romania have been the goal of a cyberattack,” an organization consultant advised BleepingComputer.
“We took instant motion, and our high precedence stays defending the info and pursuits of our staff, clients and companions. There was no impression on clients’ operations, and the breach was discovered to happen on a non-critical again workplace software” – Orange
The corporate consultant mentioned their “cybersecurity and IT groups are working arduous to evaluate the extent of the breach and reduce the impression of this incident.”
“We’re dedicated to offering common updates. Moreover, we’re dedicated to complying with all authorized obligations related to such incidents and we’re cooperating with the related authorities to handle this matter,” reads the remainder of the assertion.
Rey advised us they breached Orange independently however they’re a part of the HellCat ransomware group, which has claimed assaults on Schneider Electrical and Spanish telecommunications firm Telefónica.
In each breaches, the hackers focused Jira servers and scraped or stole 40GB of information and a couple of.5GB of paperwork respectively.
