Nefilim Ransomware Attack on Orange SA Exposed Customer Data

Many malware operators and threat groups regard telecommunications organizations as a rich source of data, and they keep trying to break through the defenses of such organizations. Recently, this happened to Orange, the fourth-largest mobile operator in Europe.

What happened?

Orange S.A., the French telecom services provider, recently confirmed that it suffered a ransomware attack that exposed the data of twenty of its Orange Pro SME customers.
  • Nefilim ransomware breached the company through its Orange Business Solutions division and added the stolen data to its data leak site on July 15, 2020.
  • The operators published a 339MB archive file titled 'Orange_leak_part1.rar' that contained stolen emails, airplane schematics, and files from ‘ATR Aircraft’, a French aircraft manufacturer.
  • It is believed that Nefilim ransomware operators gained access to the ATR Aircraft data via Orange's Le Forfait Informatique platform.

Prominent incidents targeting the communications industry

In the past few months, sophisticated hacking groups and malware have been observed targeting communications and other major industries that operate critical infrastructure.
  • In May, the Greenbug espionage group targeted telecommunication companies in South Asia, mixing off-the-shelf tools and living-off-the-land techniques in its attacks.
  • Meanwhile, the Mikroceen RAT operators launched a new attack wave, targeting government entities, telecommunications firms, and the gas industry.
  • Also, the RATicate group launched campaigns targeting various types of entities in the industrial sector, such as manufacturing, real estate, IT, financial, media, communications, and transportation.

What now?

Besides implementing all security measures, telecommunication organizations need to train their employees to reduce the risk of infiltration. Early detection of cyberattacks is vital: the longer criminals have access, the more damage they can do to customer data.
Cyware Publisher