Babuk Ransomware Group Claims Attack on Telecommunication Firm Orange

Babuk, a notorious ransomware group, has claimed responsibility for a significant cyberattack on Orange, one of the world’s leading telecommunications companies.

This attack, which was meticulously planned over a long period, resulted in the exfiltration of sensitive data. According to Babuk, the stolen data was later sold to a third party for $10,000.

The Babuk group confirmed that they exploited a zero-day vulnerability in Orange’s systems to gain initial access to the company’s network.

This zero-day exploit, which was not previously known or patched, allowed the attackers to remain undetected for several months.

Such vulnerabilities are highly prized by cybercriminals as they enable them to launch attacks without being detected by traditional security measures.

The ease with which Babuk breached Orange’s systems raises questions about the company’s threat detection capabilities and the security of its infrastructure.

The attack targeted Orange Romania, a strategic hub for the company’s operations in Europe.

Babuk did not reveal why they specifically chose this division, but it is believed that its significant presence in the European telecommunications market made it an attractive target.

Following the initial breach, Babuk planned a second attack aimed at encrypting Orange’s entire infrastructure.

However, the company managed to mitigate this attempt by closing access points, although not before further compromise occurred.

SuspectFile analysts noted that the incident highlights the evolving nature of ransomware attacks and the underground market for stolen data.

Babuk’s actions demonstrate how ransomware groups are diversifying their tactics beyond traditional ransom demands.

The sale of stolen data to third parties, who then attempt to ransom it back to the victim or publish it on platforms like BreachForums, illustrates this shift.

Detailed Analysis of the Attack

The Babuk group’s attack on Orange underscores the challenges faced by large companies in securing their infrastructure against sophisticated threats.

The use of zero-day vulnerabilities, combined with the prolonged undetected presence in Orange’s systems, shows the advanced capabilities of modern ransomware groups.

Babuk’s decision to sell stolen data rather than engage directly with Orange for a ransom reflects the multifaceted nature of modern cybercrime.

This incident serves as a critical reminder for organizations to continuously update their defensive strategies to counter these evolving threats.

Beyond this, the scope of the breach is not publicly available due to the nature of the attack.

©2024 iSecurify. All Rights Reserved.