Orange Telecom Breach Echoes Global Pattern of State-Sponsored Cyber Espionage
Orange disclosed on Monday that its security team detected and contained a cyberattack on July 25th, resulting in isolated systems and service disruptions for French business and consumer customers. The company's specialized Orange Cyberdefense unit responded immediately upon detection, preventing wider network infiltration. Operations are expected to normalize by July 30th, though investigations continue into the attack's origin and full impact.
"On Friday, July 25, the Orange Group detected a cyberattack on one of its information systems. Immediately alerted, with the support of Orange Cyberdefense, the teams mobilized fully to isolate the potentially affected services and limit the impact," stated the telecom provider.
While Orange confirmed authorities were notified and a complaint filed, investigators found no evidence of data exfiltration, a critical relief given the operator's vast holdings of customer data across 26 countries. The breach's methodology, however, raises alarms among cybersecurity analysts. Its characteristics align with the Salt Typhoon campaign, the work of a Chinese state-sponsored group to which the FBI and CISA formally attributed, in October 2024, breaches of major U.S. telecoms including AT&T, Verizon, and Lumen, alongside providers in dozens of other nations.
This incident continues a troubling pattern for Orange, following a February breach at its Romanian subsidiary where threat actor 'Rey' claimed theft of employee data, source code, and contracts. As one of the world's largest carriers—serving 256 million mobile subscribers and reporting €40.3 billion in 2024 revenue—Orange represents high-value infrastructure for espionage actors seeking persistent access to global communications. Recent breaches at Comcast, Digital Realty, and Viasat further illustrate Salt Typhoon's relentless targeting of this sector.
Telecom networks form the backbone of modern digital economies, making them strategic targets for nation-states. This attack underscores the persistent vulnerability of critical service providers despite advanced defensive units like Orange Cyberdefense. The containment success demonstrates robust incident response protocols, yet the repeated targeting of global telecoms suggests adversaries are refining tactics to bypass layered defenses. For security teams worldwide, the Orange incident serves as a stark reminder: protecting telecommunications infrastructure requires anticipating not just criminal ransomware, but sophisticated, geopolitically motivated intrusions designed for long-term access.
Source: BleepingComputer