Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Orange Business Services hit by Nefilim ransomware operators

Security researchers at Cyble reported that Nefilim ransomware operators allegedly targeted the mobile network operator Orange. Researchers from Cyble came across a post of Nefilim ransomware operators which were claiming to have stolen sensitive data of Orange S.A., one of the largest mobile networks based in France. The discovery was made by the experts during their regular […]

orange business services nefilim ransomware

Security researchers at Cyble reported that Nefilim ransomware operators allegedly targeted the mobile network operator Orange.

Researchers from Cyble came across a post of Nefilim ransomware operators which were claiming to have stolen sensitive data of Orange S.A., one of the largest mobile networks based in France.

The discovery was made by the experts during their regular Deepweb and Darkweb monitoring activity.

Orange S.A. is a French multinational telecommunications corporation founded in 1988. The telco operator has 266 million customers worldwide and employs 89,000 people in France, and 59,000 abroad. The company is currently the tenth-largest mobile network operator in the world and the fourth largest in Europe.

According to Cyble, the hackers claim to have compromised the Orange Business Solutions, a subsidiary of Orange S.A,. and have published a portion of the sensitive data as proof of the attack.

Orange confirmed to BleepingComputer that the Orange Business Services division was victim of a ransomware attack on the night of Saturday, July 4th, 2020, into July 5th. The gang gained access to twenty Orange Pro/SME customers’ data.

“A cryptovirus-type computer attack was detected by Orange teams during the night of Saturday 04 July to Sunday 05 July 2020. Orange teams were immediately mobilised to identify the origin of this attack and has put in place all necessary solutions required to ensure the security of our systems.” reads a statement issued by Orange.

“According to an initial analysis by security experts, this attack has concerned data hosted on one of our Neocles IT platforms, “Le Forfait Informatique”, and no other service has been affected”. it adds.

“However, this attack seems to have allowed hackers to access the data of around 20 PRO / SME customers hosted on the platform. Affected customers have already been informed by Orange teams and Orange continues to monitor and investigate this breach. Orange apologises for the inconvenience caused”.

Orange’s “Le Forfait Informatique” is a software platform that allows enterprise customers to host virtual workstations in the cloud while Orange Business Services provides IT support for them.

Nefilim ransomware operators leaked a 339MB archive file titled ‘Orange_leak_part1.rar’ that contained data that was allegedly stolen by the hackers.

The Cyble research team analyzed the data leaked by the Nefilim ransomware operators consisting of various sensitive and corporate operational documents of Aero Technique Espace (ATE), a well-established French aircraft painting company that had been acquired by Air works.

orange business services nefilim ransomware
orange business services nefilim ransomware

The data also includes data sample documents of Avions de transport regional (ATR), a Franco-Italian aircraft manufacturer based in France.

“The leaked documents related to ATE seem to include checklists reports before the presentation of aviation planes, observation of technical faults reports, aviation painting reports, and much more.” reads the post published by Cyble.

“The leaked documents related to ATR seem to include multiple aircraft architecture designs, email conversations, transfer of responsibility documents, and much more.”

Nefilim ransomware operators claim that both ATE and ATR have a business relationship with Orange Business Services.

The ransomware gang is now threatening the company of releasing the stolen data if it will not pay the ransom.

Orange has immediately notified the customers of the security breach.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Nefilim ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]