Data Breach

Orange Business Services hit by Nefilim ransomware operators

Security researchers at Cyble reported that Nefilim ransomware operators allegedly targeted the mobile network operator Orange.

Researchers from Cyble came across a post of Nefilim ransomware operators which were claiming to have stolen sensitive data of Orange S.A., one of the largest mobile networks based in France.

The discovery was made by the experts during their regular Deepweb and Darkweb monitoring activity.

Orange S.A. is a French multinational telecommunications corporation founded in 1988. The telco operator has 266 million customers worldwide and employs 89,000 people in France, and 59,000 abroad. The company is currently the tenth-largest mobile network operator in the world and the fourth largest in Europe.

According to Cyble, the hackers claim to have compromised the Orange Business Solutions, a subsidiary of Orange S.A,. and have published a portion of the sensitive data as proof of the attack.

Orange confirmed to BleepingComputer that the Orange Business Services division was victim of a ransomware attack on the night of Saturday, July 4th, 2020, into July 5th. The gang gained access to twenty Orange Pro/SME customers’ data.

“A cryptovirus-type computer attack was detected by Orange teams during the night of Saturday 04 July to Sunday 05 July 2020. Orange teams were immediately mobilised to identify the origin of this attack and has put in place all necessary solutions required to ensure the security of our systems.” reads a statement issued by Orange.

“According to an initial analysis by security experts, this attack has concerned data hosted on one of our Neocles IT platforms, “Le Forfait Informatique”, and no other service has been affected”. it adds.

“However, this attack seems to have allowed hackers to access the data of around 20 PRO / SME customers hosted on the platform. Affected customers have already been informed by Orange teams and Orange continues to monitor and investigate this breach. Orange apologises for the inconvenience caused”.

Orange’s “Le Forfait Informatique” is a software platform that allows enterprise customers to host virtual workstations in the cloud while Orange Business Services provides IT support for them.

Nefilim ransomware operators leaked a 339MB archive file titled ‘Orange_leak_part1.rar’ that contained data that was allegedly stolen by the hackers.

The Cyble research team analyzed the data leaked by the Nefilim ransomware operators consisting of various sensitive and corporate operational documents of Aero Technique Espace (ATE), a well-established French aircraft painting company that had been acquired by Air works.

The data also includes data sample documents of Avions de transport regional (ATR), a Franco-Italian aircraft manufacturer based in France.

“The leaked documents related to ATE seem to include checklists reports before the presentation of aviation planes, observation of technical faults reports, aviation painting reports, and much more.” reads the post published by Cyble.

“The leaked documents related to ATR seem to include multiple aircraft architecture designs, email conversations, transfer of responsibility documents, and much more.”

Nefilim ransomware operators claim that both ATE and ATR have a business relationship with Orange Business Services.

The ransomware gang is now threatening the company of releasing the stolen data if it will not pay the ransom.

Orange has immediately notified the customers of the security breach.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Nefilim ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

2 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

8 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

20 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

24 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

This website uses cookies.