Lizzie Clark

Warlock Ransomware Gang Targets Orange and Colt

In this blog series we spotlight one of the stories from our cybersecurity newsletter, Beacon.

Warlock, an emerging ransomware group, is shaping up as a rapidly growing threat, with network and telecoms providers Colt and Orange among its latest victims.

The group has already claimed responsibility for 22 victims since August 16th, according to data. 

Among Warlock’s high-profile victims is Orange, which confirmed on August 20th that it had suffered a cyberattack. The organization revealed that attackers gained access to data on its 850,000 customers.

While Orange said no credentials, email addresses, or financial details were compromised, the stolen data includes names, phone numbers, SIM card numbers, tariff plans, and Personal Unlocking Key (PUK) codes.

The exposure of PUK codes is particularly alarming. These eight-digit numbers are meant to secure SIM cards against unauthorized use, meaning their compromise could open the door to further fraud or identity-based attacks.

“As soon as the incident was detected, our teams blocked access to the affected system and tightened our security measures. Orange Belgium also alerted the competent authorities and filed an official complaint with the judicial authorities,” a spokesperson said.

This particular breach comes just weeks after Orange disclosed another major cyber incident in France, suggesting that its European infrastructure is being heavily targeted.

Meanwhile, Colt continues to deal with the fallout of Warlock’s attack. The organization has confirmed that some customer data has been stolen, though the full scope is still under investigation.

Colt has sought to reassure customers that its core infrastructure and authentication systems remain secure, as they are segmented from its business support systems.

A Colt spokesperson said: “We’re working around the clock to restore our systems. It’s too early to give an exact timeline at the moment, but we’ll provide regular updates to keep you informed.”

Warlock’s rapid expansion appears to be fueled by the exploitation of SharePoint Server vulnerabilities. These flaws were discovered and patched in July, after Microsoft warned they were already being used by Chinese state-linked hackers.

With Orange and Colt already suffering from the damage Warlock has caused, the group’s campaign underlines the critical importance of threat monitoring and dark web intelligence in staying ahead of ransomware gangs.
