Unauthorized Access to Orange leads to concerns over SIM-swapping exploitation

Unauthorized Access to Orange leads to concerns over SIM-swapping exploitation

Orange Belgium, a leading telecom provider in the country, has recently fallen victim to a ransomware attack claimed by the Warlock group. Here's a breakdown of the key facts surrounding this incident.

The attack on Orange Belgium is not linked to the attack on Orange's French operations claimed by Babuk2, as stated by an Orange spokesperson. The Warlock ransomware attack is also not associated with international organizations.

The Warlock ransomware group, known to be linked to a Russian-speaking cybercriminal group, has posted a sample of data they purportedly stole from Orange Belgium on their data leak site. Access to the IT system included customer first names, surnames, telephone numbers, SIM card numbers, PUK codes, and tariff plans. However, no passwords, email addresses, or banking and financial data were accessed in the attack.

The intrusion was detected in late July, and it's been reported that a threat actor has compromised 850,000 Orange Belgium customer accounts. The incident raises concerns about the potential threat of SIM swapping attacks. SIM swapping involves transferring a victim's phone number to a cybercriminal's SIM card.

Orange Belgium has taken several measures to prevent further attacks and mitigate the impact. These include implementing additional verification controls to prevent an attacker from requesting replacement of customer SIM cards. Orange Belgium's phone support team will ask extra secret questions if any such request is made.

However, Inti De Ceukelaire, a customer and white hat hacker at bug bounty firm Intigriti, has stated that Orange Belgium's new measures do nothing to address the threat of SIM swapping. The PUK code, an eight-digit security code used to unlock a SIM card, was potentially accessed in the attack.

The Warlock operator recently claimed credit for an attack on UK-based telecoms provider Colt Technology Services. The ransomware group has been deployed extensively by attackers exploiting the Microsoft SharePoint 'ToolShell' chained vulnerability, first disclosed in July 2025.

Orange Belgium has published a separate customer information webpage outlining extra security measures. The answers to these questions are not included in the personal data accessed by the hackers. The threat actor behind the Belgium breach is known, but further details cannot be provided due to the ongoing investigation.

The attack previously disclosed by Orange on its French operations was claimed by the threat actor group Babuk2. This is around the same time that a cyber-attack affecting Orange's French operations was reported, although no corporate or customer data was accessed in that incident.

The incident was revealed in a press release published on August 20. Orange Belgium assures its customers that they are working closely with law enforcement agencies and cybersecurity experts to address the situation and protect customer data.

Read also:

• Oxidative Stress in Sperm Abnormalities: Impact of Reactive Oxygen Species (ROS) on Sperm Harm
• Is it possible to receive the hepatitis B vaccine more than once?
• Transgender Individuals and Menopause: A Question of Occurrence?
• Genetically manipulated rabbits sprout ominous black horns on their heads