This Sunday night, September 4, a user of a forum frequented, at least as much by cybercriminals as by threat intelligence analysts, announced the availability of a list of customer contact details. Micro-SOC offers of Orange Cyberdefense.
Said list contains information relating to a few hundred companies, in France as well as abroad, with contact name, telephone numbers, e-mail address, name of the organization – many public establishments are concerned.
According to the first information that we were able to gather, Orange Cyberdefense began to alert the customers concerned as of Monday, September 5 and continues to send them regular e-mails to inform them of the progress of the investigation and of the measures taken in result. At least one person on the list, however, was surprised to learn of the incident during our call.
At this stage, the customers we have been able to reach seem to be mainly concerned about the possible disclosure of configuration information or processing rules. Elements that could be used to compromise their information system. At this point, nothing like that seems to have happened.
But perhaps the most worrying is the allegation of the person behind the leak: according to this, access is for sale on Orange Cyberdefense servers. According to the information we have managed to gather, this assertion is unfounded.
We have sent several questions to Orange Cyberdefense, in particular on this last point, but these are currently unanswered. To our colleagues from Databreaches.netthe French service provider was content to indicate that “the investigations are in progress and all the necessary measures have been taken to notify the customers concerned as well as the authorities”.
If, from the outside, a form of internal malice is widely suspected, the investigation initiated has not yet made it possible to establish the origin of the leak.