- A hacker named Rey exfiltrated tens of thousands of records from Orange Romania
- They demanded payment, but Orange refused
- The company is now investigating claims of data theft
Orange Group has confirmed that it recently suffered a cyberattack, but has said it is still looking into claims that valuable data was stolen.
A member of the HellCat ransomware organization, alias Rey, held access to a “non-critical application” belonging to Orange Romania, the company’s local branch. They obtained the access by exploiting compromised credentials and flaws in Jira.
The hacker recently started exfiltrating data from the app, and later told BleepingComputer they pulled 380,000 unique email addresses, source code, invoices, contracts, and customer and employee information. In total, they grabbed some 12,000 files, weighing roughly 6.5GB, and while this wasn’t a ransomware operation, the hacker did leave a ransom note and did try to extort the company for money. Orange, however, did not initiate any negotiations, prompting the attacker to release the data on the dark web.
Confirming the attack
Soon after, Orange confirmed it did suffer a cyberattack and that it was looking into the matter.
“Orange can confirm that our operations in Romania have been the target of a cyberattack,” a company representative said. “We took immediate action, and our top priority remains protecting the data and interests of our employees, customers and partners. There has been no impact on customers’ operations, and the breach was found to occur on a non-critical back office application.”
The publication also analyzed a data sample and said that, while verified, it was “quite old”.
Some email addresses were used by individuals who worked for, or collaborated with, Orange Romania more than half a decade ago. Other names and email addresses belonged to customers of Yoxo, Orange’s subscription service with no contract period, meaning it is difficult to determine whether the data is still valid.
Some of the partial payment card information found had expired long ago, BleepingComputer added.