French Telecom Giant Orange Hit by Cyberattack

📟 News

Date: 31/07/2025

The French telecommunications company Orange, one of the largest telecom operators in the world, reports the discovery of a compromised system within its network.

On July 25, 2025, the compromised system was detected and isolated from the rest of the company’s network by specialists from the Orange Cyberdefense division, which focuses on cybersecurity issues.

It is reported that this caused disruptions primarily affecting French Orange customers. The issues are expected to be resolved today, July 30.

“On Friday, July 25, Orange Group detected a cyberattack on one of its information systems. Upon receiving the alert, with the support of Orange Cyberdefense, our teams were fully mobilized to isolate potentially affected services and minimize the consequences,” the company said in an official statement. “However, these actions to isolate the systems resulted in disruptions to some services and management platforms for our business clients, as well as affecting a number of consumer services, mainly in France.”

The company has already informed the relevant authorities about the cyberattack. It is also emphasized that, at present, the investigative team has not found any evidence that any data may have been stolen during the breach.

Orange does not associate this incident with any specific hacker group. However, it clearly resembles a series of large-scale breaches affecting telecommunications companies worldwide, including AT&T, Verizon, Lumen, Charter Communications, Consolidated Communications, and Windstream (1, 2, 3). The FBI and CISA attribute these attacks to the Chinese cyber-espionage group Salt Typhoon.

Related posts:
2025.02.14 — 12,000 Kerio Control firewalls remain vulnerable to RCE

Security experts report that more than 12,000 GFI Kerio Control firewall instances remain vulnerable to the critical RCE vulnerability CVE-2024-52875, which was fixed…

Full article →
2025.04.12 — Hackers compromised a bureau within the U.S. Department of the Treasury and spent months in hacked systems

The Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury, reported a major cybersecurity incident. Unknown attackers had…

Full article →
2025.02.05 — Google patches Android zero-day vulnerability exploited by hackers

Google released the February set of patches for Android. In total, they fix 48 bugs, including a kernel zero-day vulnerability actively exploited by hackers. The zero-day's…

Full article →
2025.01.25 — 18,000 script kiddies have been infected with backdoor via XWorm RAT builder

According to CloudSEK analysts, malefactors attack novice hackers using a fake malware builder. Script kiddies' systems become infected with a backdoor that steals data and subsequently…

Full article →
2025.04.15 — Hackers exploit authentication bypass bug in OttoKit WordPress plugin

Hackers exploit an authentication bypass vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin used by more than 100,000 websites. First attacks were recorded just…

Full article →
2025.02.10 — Failed attempt to block phishing link results in massive Cloudflare outage

According to the incident report released by Cloudflare, an attempt to block a phishing URL on the R2 platform accidentally caused a massive outage; as a result, many Cloudflare…

Full article →
2025.01.26 — Cisco patched a critical vulnerability in Meeting Management

Cisco released updates to fix a critical (CVSS score: 9.9) vulnerability in Meeting Management. The bug enables an unprivileged remote authenticated attacker to gain administrative privileges. The vulnerability…

Full article →
2025.02.01 — Critical RCE vulnerability fixed in Cacti

A critical vulnerability has been discovered in the open-source Cacti framework: it enables an authenticated attacker to remotely execute arbitrary code. Vulnerability's ID is CVE-2025-22604; its…

Full article →
2025.04.10 — April updates released by Microsoft cause issues with Windows Hello

Microsoft warns that some Windows users who have installed the April updates might be unable to login to their Windows services using Windows Hello facial recognition…

Full article →
2025.02.17 — Dutch police seize 127 servers belonging to Zservers hosting provider

Following the introduction of international sanctions against Zservers, Russian 'bulletproof' hosting services provider, the Dutch National Police (Politie) shut down and seized 127 servers belonging to Zservers/XHost.…

Full article →