The Babuk ransomware group has taken responsibility for a recent cyberattack on Orange, a leading global telecommunications company.
In an exclusive interview with SuspectFile.com, Babuk detailed how they exploited a zero-day vulnerability in Orange’s systems to gain access to sensitive data, which was later sold to a third party for $10,000.
Attack Details and Impact
Babuk revealed that the attack was meticulously planned and executed over a long period, with the group managing to remain undetected for several months.
This prolonged intrusion raises concerns about Orange’s threat detection capabilities and highlights the vulnerability of even large companies with significant cybersecurity investments.
The attack targeted Orange Romania, a strategic hub in the European telecommunications market, though the exact reason for this focus was not disclosed.
The consequences of the attack are multifaceted, impacting Orange economically, reputationally, and operationally.
Babuk noted that the breach could lead to financial losses and potential fines, damage customer and partner trust, and disrupt key services.
Despite Orange’s efforts to mitigate the damage, Babuk planned a second attack aimed at encrypting the company’s entire infrastructure, though they were eventually thwarted.
Ransom and Data Sale
Interestingly, Babuk did not directly contact Orange or intermediaries to negotiate a ransom payment.
Instead, they sold the stolen data to an unknown buyer, who attempted to extort Orange but ultimately failed and published the data on BreachForums.
This scenario illustrates how ransomware groups are diversifying their business models beyond direct ransom demands to include the sale of stolen data on the underground market.
Babuk expressed intentions to strengthen their operations, drawing inspiration from well-established groups like LockBit and RansomHub.
The group sees a future where ransomware attacks become increasingly sophisticated and targeted, emphasizing the need for companies to continuously update their defensive strategies to counter evolving threats.
The Orange attack serves as a stark reminder of the vulnerabilities that even major corporations face in the face of advanced cyber threats.
%20(1).webp?w=1200&resize=1200,0&ssl=1 "Warning for WordPress Admins – Fake SEO Plugins Hijacking Websites")
%20(1).webp?w=1200&resize=1200,0&ssl=1 "Apache APISIX Flaw Enables Unauthorized Cross-Issuer Access Due to Misconfigurations")
%20(1).webp?w=1200&resize=1200,0&ssl=1 "Instagram Adopts Daily TLS Certificate Rotation with One-Week Validity")
