Telecom Giant Orange Responding To Cyberattack On ‘Information Systems’

Orange first detected the cyberattack on Friday, July 25, when its security team saw intrusion on one of its information systems.

The telecom provider dialled in its Orange Cyberdefense team who sprung in action “to isolate the potentially affected services and limit the impacts,” Orange said in a press statement.

“However, these isolation operations have resulted in the disruption of certain services and management platforms for some of our corporate customers and some consumer services, primarily in France,” it added.

The company ensured that it had already identified the issues and were working on solutions that under “heightened vigilance” will allow a gradual restoration of the important services by Wednesday morning, July 30.

Also read: Orange Recovers from Cyberattack, Restoring Internet to Spanish Customers

Orange telecom has a strong presence across Europe, Africa and the Middle East. In fact, in MEA, every three out of 10 people are Orange customers. It serves more than 291 million customers worldwide and the breach has definitely got them worried. But to calm the nerves Orange stated: “At this stage of the investigation, there is no evidence to suggest that any customer or Orange data has been extracted. We remain vigilant in this regard.”

The telecom giant did not respond any further requests that would ascertain the exact type of cyberattack. It said, “For obvious security reasons, Orange will not comment further.

The Orange cyberattack is not an isolated incident. The French telecommunications industry has been a primary target for adversaries in the past two years, revealed a recently published report from the Computer Emergency Response Team of France that operates under the French cybersecurity agency, ANSSI.

Espionage has been the main reason for these attacks and ANSSI stated it has already dealt with significant compromises of information system operators in this sector for this purpose. Pointing to the Salt Typhoon’s attacks on the U.S. telecom sector, the French cybersecurity agency said, “The telecommunications sector as a whole is regularly and significantly targeted by groups of attackers believed to be linked to China, particularly in Asia.

Also read: Salt Typhoon Cyberattack: FBI Investigates PRC-linked Breach of US Telecoms

It also revealed that in one particular instance, the state-sponsored attackers compromised the core mobile network of an unnamed telecommunications provider in the country. “The main characteristics of the modus operandi observed during this compromise were a good knowledge of the communication protocols specific to the sector and a focus on equipment that is unconventional or rarely supervised by security solutions.”

In another instance, an operator’s satellite communication infrastructure was deeply compromised for several years, enabling the attacker heightened privileges to conduct sabotage actions. Another telecommunications operator received ANSSI’s assistance in removing a malicious actor present in its systems since at least December 2022. This attacker, known for targeting the sector again achieved high-level privileges, enabling lateral movement, espionage, and sabotage. Interception of specific communications was confirmed to be a key objective of this threat actor.

ANSSI noted that in most cases the cyberattacks were detected years after initial compromise. It anticipates continued targeting of this infrastructure type and urged the telecommunications sector to heighten its vigilance.