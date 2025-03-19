Hackers claim Orange attack, threaten to leak 1TB of data

It is the second attack on Orange in less than a month

ID theft
Image credit: Pixabay (Image credit: Future)
  • Ransomware operators Babuk adds Orange to their data leak site
  • They claim to have broken into Orange in mid-March 2024, stealing sensitive data
  • Researchers believe there is merit to the claims

Telecom giant Orange has reportedly again been hit by a ransomware attack after cybercriminal organization Babuk posted a data sample on its website, claiming proof of a successful breach at the company.

The group claims to have broken into Orange on Sunday, March 16, stealing “all information related to orange.com and orange.ro from Romania.”

“We will publish 1TB if they do not want to negotiate with us,” Babuk apparently said on its website. “And there is still a lot more that we stole, the sample is not much.”

"Very detailed information"

Babuk is not as popular as LockBit, or RansomHub, but it’s still a major ransomware player, who allegedly claimed 60 victims this year alone. It’s been around for years, although with long periods of inactivity.

If the group is telling the truth, they stole 4.5TB of “very detailed information”, including email addresses, customer records, source code, internal documents, invoices, contracts, projects, tickets, user data, employee data, messages, credit cards, call logs, and other personally identifiable information (PII) among the stolen data.

Researchers from Cybernews reviewed the sample posted on the website and say the claims “might be credible.”

“The threat actor uploaded a 6.44GB Orange data sample with thousands of Orange internal documents,” Cybernews explained. “Some files include employee data, like names, usernames, email addresses, and time zones, as well as a list of various Jira projects related to the Orange.ro domain.”

In late February, Orange Group confirmed suffering a cyberattack, but said at the time it was still looking into claims of valuable data being stolen. This attack was claimed by a member of the HellCat ransomware application, who also stole data belonging to Orange Romania.

Orange has not yet made any statement on the attack, but has been contacted for comment.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

