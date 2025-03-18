The Babuk cybercrime network claims to have breached the system of the French telecommunications company Orange again on March 17, after the February 23 security breach, and stolen massive amounts of data. Now, the hackers threaten to make some of it public.

In February, Romania’s National Cybersecurity Directorate, or DNSC, reported that the breach impacted institutions, city halls, schools, hospitals, banks, insurers, transport and energy companies, as well as individuals in Romania. The hack, claimed by a member of the HellCat ransomware group, apparently resulted in the theft of 6.5 GB of data, according to the hackers.

The attack on March 17, however, appears to have been more important. Hackers claim to have stolen "all information related to orange.com and orange.ro in Romania," threatening to publish 1TB of data "if they do not want to negotiate with us,” according to Profit.ro.

The hackers say they stole 4.5TB of "highly detailed" information, including email addresses, customer records, source code, internal documents, invoices, contracts, projects, tickets, user data, employee data, messages, credit card details, call logs, and other personally identifiable information.

Representatives of Orange Romania told Profit.ro that they have not been contacted by the potential attackers.

“So far, we have not been contacted by potential attackers and have not received any negotiation requests regarding a possible cybersecurity incident. We have seen the post you are referring to, our experts have analyzed the published file samples, and the indicated link leads to the same archives exfiltrated in the recent cyberattack on Orange Romania. We are continuing to monitor the situation alongside Orange Group and the National Cybersecurity Directorate,” the company said.

Babuk is a ransomware cartel targeting large companies. It first appeared in 2020, and researchers from SentinelOne have linked it to another cybercriminal organization with ties to Russia and Evil Corp. It was inactive for almost a year but announced its return in January through a series of posts on Telegram. Since then, the network has claimed responsibility for about 60 attacks.

Orange operates in 26 countries and serves 287 million customers. In Romania, it is the largest telecommunications player, with nearly 10 million customers.

(Photo source: Peerapong Boriboon | Dreamstime.com)