Redazione RHC : 30 July 2025 13:59
French telecommunications company Orange, which serves nearly 300 million customers worldwide, reported a serious security incident that caused disruptions to key services in France. The incident was detected on the evening of July 25 by specialists from Orange’s Cyberdefense division, after which the affected system was immediately isolated from the rest of the infrastructure.
Despite the rapid response, the localization of the threat caused temporary disruptions in the operation of corporate platforms and individual consumer services, including access to service management and internal administrative functions.
The disruptions primarily affected customers in France. Full restoration of normal operations is expected today.
Monitoring of criminal underground networks revealed on July 28th that a threat actor posted an announcement on an underground forum offering over 6,000 records belonging to Orange Moldova for sale.
After discovering the attack, Orange representatives contacted the relevant authorities and filed an official lawsuit, but it has not yet been disclosed which vectors were used by the attackers. The company emphasizes that, at the current stage of the investigation, there are no signs of user data leakage or theft of confidential information.
The incident itself bears many similarities to a wave of attacks against telecommunications companies previously conducted by the Chinese group Salt Typhoon, known from CISA and FBI reports for attacks against telecom operators in the United States and abroad. Those targeted by these large-scale operations include AT&T, T-Mobile, Verizon, Lumen, Windstream, and other major telecommunications companies, as well as satellite providers such as Viasat.
Interestingly, this is the second attack on Orange in the last six months. In February 2025, a hacker using the pseudonym Rey reported the compromise of the company’s Romanian division’s infrastructure. At the time, this involved access to internal documents, code, contracts, email addresses, and employee data, including sources claiming that over 380,000 email addresses had been stolen. The company acknowledged the attack on an ancillary application but insisted that critical infrastructure elements were not affected.
Orange holds a dominant position in Europe, Africa, and the Middle East, providing mobile communications, broadband, and cloud services to businesses. In 2024, the company served 256 million mobile customers and 22 million landline customers, with over 125,000 employees and annual revenue of €40.3 billion.
The current attack, despite the absence of a confirmed data leak, remains highly worrying: the threat of a repeat of large-scale espionage campaigns remains real, especially given the sensitivity of the telecommunications infrastructure and the international reach of Orange’s operations.