- Babuk ransomware operators add Orange to their data leak site
- They claim to have broken into Orange in mid-March 2024, stealing confidential data
- Researchers believe there is merit to the claims
According to reports, the telecommunications giant Orange has been hit again by a ransomware attack: the Babuk cybercriminal organization published a data sample on its website, presenting it as proof of a successful breach of the company.
The group claims to have broken into Orange on Sunday, March 16, stealing “all the information related to Orange.com and Orange.ro of Romania.”
“We will publish 1TB if you don’t want to negotiate with us,” Babuk apparently said on its website. “And there is still much more that we stole, the sample is not much.”
“Very detailed information”
Babuk is not as popular as LockBit or RansomHub, but it is still an important ransomware player, allegedly claiming 60 victims this year alone. It has existed for years, although with long periods of inactivity.
If the group is telling the truth, it stole 4.5TB of “very detailed information”. The stolen data is said to include email addresses, customer records, source code, internal documents, invoices, contracts, projects, tickets, user data, employee data, messages, credit cards, call records and other personally identifiable information (PII).
Researchers from Cybernews checked the sample published on the website and say that the claims “could be credible.”
“The threat actor uploaded a 6.44 GB Orange sample with thousands of Orange internal documents,” Cybernews explained. “Some files include employee data, such as names, user names, email addresses and time zones, as well as a list of several Jira projects related to the Orange.ro domain.”
At the end of February, Orange Group confirmed that it had suffered a cyberattack, but said at the time that it was still looking into claims that valuable data had been stolen. That attack was claimed by a member of the HellCat ransomware operation, who also stole data belonging to Orange Romania.
Orange has not yet made any statement about the attack, but has been contacted for comment.