Babuk targets French telecommunications giant

Following recent reports that ransomware group Babuk has breached French telecommunications giant Orange, stealing 4TB of data and threatening its release, Ronen Ahdut, Head of CyOps at Cynet, pinpoints weaknesses in the governance systems of many businesses, highlighting their vulnerability to such attacks.
This attack underscores the growing trend of repeat victimization in ransomware campaigns, as well as the financial motivations that drive threat actors to continuously target high-profile organizations.
Ahdut begins by summarising the incident: “This March incident, following a similar ransomware attack on Orange Romania by HELLCAT group in February 2025, highlights the persistent threat landscape faced by large organizations.”
With the nature of this incident, Ahdut charts several inherent weaknesses: “While Orange, with its multiple locations, thousands of employees, and publicly disclosed breach data, presents a broader attack surface than some, it’s important to note that ransomware operators are fundamentally opportunistic. They seek financial gain and will exploit any available vulnerability, regardless of the specific target. If a new vulnerability emerges, they will act swiftly, and the target can vary significantly.”
Other firms should not feel complacent as a result of the cyberattack, Ahdut cautions: “While Orange’s size and history may provide numerous potential attack vectors, making it a broader target, it’s as legitimate a target as any other large organization due to the general nature of ransomware operations.”
Turning to the threat actor, Ahdut explains: “Babuk, the group allegedly behind the attack, has undergone several transformations since its original form in 2021. After the release of its source code on underground forums, various actors adapted it into their own ransomware-as-a-service (RaaS) programs, leading to the emergence of Babuk2.”
This introduces a new challenge to the threat landscape: “This new iteration has published information on more than 45 victims in March 2025 alone, frequently targeting organizations that had previously suffered breaches. While the primary goal of these attacks is financial, the collateral damage extends to institutions, businesses, and individuals, as seen in Romania, where the breach impacted institutions, city halls, schools, hospitals, banks, insurers, transport and energy companies, as well as individuals.”
Ahdut reveals a further aspect of the incident: “Additionally, Babuk has used Orange’s name on its website to bolster its credibility in underground markets and attract more affiliates to its program, demonstrating how threat actors leverage high-profile attacks for publicity.”
There are measures, nonetheless, that firms can adopt to repel such attacks. Ahdut recommends: “To mitigate future threats, organizations must adopt a multilayered security approach. Implementing endpoint detection and response (EDR/XDR), monitoring firewall logs, and deploying data loss prevention (DLP) solutions are crucial for early threat detection.”
Ahdut also puts forward: “Companies should also establish a Cyber Incident Response Team (CIRT), conduct regular risk assessments, and train employees on cybersecurity best practices. It is not a question of if, but when an attack will occur, making proactive planning essential. A well-structured Incident Response Plan (IRP) and secure data backups can help organizations prepare for inevitable cyberattacks and reduce their operational impact.”
However, preparation alone is not enough. Ahdut advises: “Effective Cyber Threat Intelligence (CTI) can help organizations anticipate threats, respond faster, and adapt smarter during an incident. Understanding who the adversary is, what their tactics are, and which emerging threats are relevant to a specific industry allows organizations to tailor defences accordingly, proactively mitigating risks before they escalate into breaches.”