
On July 25, 2025, the telecommunications service provider Orange France detected a cyberattack targeting one of its internal information systems.
The incident led to service disruptions affecting several of Orange's business platforms and select consumer services in France, prompting immediate containment efforts and a formal complaint filed with French authorities on July 28.
According to the company's official announcement, security teams from Orange and its subsidiary, Orange Cyberdefense, were quickly mobilized upon identifying the breach. Their first response was to isolate impacted systems in an effort to contain the incident and prevent lateral movement within the network. While these measures successfully limited the attack's spread, they also caused interruptions to some services used by Orange's enterprise clients and a smaller subset of consumer-facing platforms.
Orange is one of Europe's largest telecommunications providers, operating in 26 countries and serving more than 280 million customers worldwide. Its business division delivers a wide range of enterprise solutions, including cloud services, network infrastructure, and cybersecurity offerings, making any disruption to these systems potentially significant for a broad customer base.
As of the company's latest update, engineers have been working to restore core services, with a phased recovery plan expected to reach a stable point by Wednesday morning, July 30. Orange emphasized that, despite the severity of the attack, there is currently no indication that internal or customer data has been exfiltrated. However, an investigation remains ongoing under strict monitoring protocols.
While the company refrained from disclosing technical specifics, such as the nature of the exploit, attack vector, or threat actor, its swift involvement of law enforcement and the decision to formally file a complaint suggest the attack may be part of a broader campaign targeting critical infrastructure in France, or even across Europe.
Such a campaign would be the equivalent of the Salt Typhoon attacks in the US, where Chinese state actors breached multiple large telcos and accessed extremely sensitive data.
Orange France was also claimed as a victim by a now-defunct ransomware group called Babuk2 in March 2025, but neither that incident nor the data theft claims were ever officially confirmed, and it's unlikely the current disclosure is related to it.
Given the lack of confirmed data exfiltration, the attack may have been either a disruptive campaign or an incomplete intrusion caught early in its lifecycle. Orange Cyberdefense, the group's in-house security arm, is expected to lead the forensic analysis and long-term response, and provide more details about what happened in a future update.