Contents

01. News Bites
  • Orange discloses cyberattack, warns of service disruption across France
  • Pro-Ukrainian hackers disrupt Aeroflot operations in major cyber attack
  • BlackSuit ransomware extortion sites seized in global law enforcement takedown
  • FBI seizes over $2.3M in Bitcoin from Chaos ransomware affiliate
  • Zero-day SharePoint attacks hit African organisations as part of global cyber campaign
  • Minnesota activates National Guard after cyberattack cripples St. Paul

02. Conclusion

Quick News Bites

Orange discloses cyberattack, warns of service disruption across France

Telecoms giant Orange has confirmed a cyberattack targeting one of its internal systems, resulting in service disruptions for corporate and consumer customers in France. The company, which serves more than 290 million clients across Europe and Africa, detected the breach last Friday.

While Orange says there is currently no evidence of customer data being stolen, it acknowledged that isolating affected systems has caused outages in management platforms and other services. It has filed a formal complaint and notified the authorities but declined to share further technical details for security reasons.

The incident follows recent warnings from French cyber agency ANSSI, which flagged a surge in state-sponsored espionage targeting national telecoms infrastructure. Although attribution remains unclear, Orange’s breach highlights ongoing concerns over the vulnerability of major European communications networks to sophisticated cyber threats.

Pro-Ukrainian hackers disrupt Aeroflot operations in major cyber attack

Russia’s national airline, Aeroflot, cancelled over 40 flights and suffered widespread delays after a cyber attack reportedly launched by pro-Ukrainian hacker group Silent Crow, with support from Belarusian group Cyberpartisans. The hackers claimed responsibility on Telegram, stating the “prolonged and large-scale operation... completely destroyed” Aeroflot’s IT systems and threatened to leak the personal data of all Russian passengers.

While the Kremlin labelled the disruption “worrying,” Russia’s prosecutor’s office confirmed a system failure due to the attack and opened a criminal investigation. The transport ministry has arranged alternative flights for affected passengers.

Though hacker groups often exaggerate their impact, this attack stands out for its tangible consequences on a major Russian company. Aeroflot services in Russia, Belarus, and Armenia were all affected. Cyberpartisans described the strike as part of their ongoing support for Ukraine, claiming the move paralysed the airline.

The incident underscores the growing digital front in the Russia-Ukraine conflict.

BlackSuit ransomware extortion sites seized in global law enforcement takedown

Law enforcement agencies have taken down the dark web extortion sites of the BlackSuit ransomware group, a gang responsible for attacking hundreds of organisations worldwide. The U.S. Department of Justice confirmed the seizure, carried out under a court-authorised warrant as part of a joint international effort dubbed Operation Checkmate.

Visitors to the BlackSuit .onion domains are now met with seizure notices from U.S. Homeland Security Investigations, declaring the sites dismantled. The seized infrastructure includes BlackSuit’s data leak blogs and negotiation portals, which were used to pressure victims into paying ransoms.

Authorities from the U.K., U.S., Germany, the Netherlands, Ukraine, and others took part, alongside Europol. Cybersecurity firm Bitdefender also supported the operation, offering technical guidance through its Draco Team.

This takedown underscores the growing success of international public-private collaboration in disrupting ransomware groups operating under the cover of the dark web.

FBI seizes over $2.3M in Bitcoin from Chaos ransomware affiliate

FBI Dallas has seized over $2.3 million in Bitcoin from a crypto wallet linked to "Hors," a suspected affiliate of the rebranded Chaos ransomware group. The 20.289 BTC was traced to attacks targeting Texas companies and seized on April 15, 2025. On 24 July, the U.S. Department of Justice filed a civil complaint seeking forfeiture of the funds, citing links to cyber extortion.

The new Chaos operation is believed to be a rebrand of BlackSuit ransomware, itself tied to the defunct Conti gang. Cisco Talos researchers found strong overlaps between Chaos and BlackSuit in encryption methods and tooling.

This development follows the recent seizure of BlackSuit’s extortion sites, suggesting a wider investigation. While the FBI hasn’t confirmed which Chaos variant ‘Hors’ belonged to, experts believe the seizure targets the rebranded Conti-linked group. Civil forfeiture allows permanent confiscation of assets tied to criminal acts, including ransomware payments.

Zero-day SharePoint attacks hit African organisations as part of global cyber campaign

A global zero-day exploit campaign targeting Microsoft SharePoint Server has impacted several high-profile African organisations, with South Africa among the hardest hit.

South Africa’s National Treasury confirmed its SharePoint-based Infrastructure Reporting Model (IRM) platform was compromised, though officials reported no service disruption thanks to swift detection and isolation. Other affected African entities include a major university, an automotive manufacturer, government agencies, and federal departments.

These attacks exploit legacy SharePoint features and often go undetected due to fileless execution and anti-forensic techniques. With many African organisations reliant on on-premises Microsoft ecosystems for content management, exposure remains high, particularly where patching is delayed.

Microsoft has advised urgent updates and stronger network segmentation. Experts warn the region’s growing digital infrastructure remains a prime target for advanced threat actors exploiting unpatched enterprise systems.

Minnesota activates National Guard after cyberattack cripples St. Paul

Minnesota Governor Tim Walz has activated the National Guard following a severe cyberattack on the City of Saint Paul, which has caused widespread disruption to municipal systems since Friday. While emergency services remain unaffected, key digital services — including online payments and some library and recreation centre operations — have been taken offline.

City officials, working alongside state and federal partners, confirmed that the attack has overwhelmed both internal IT resources and commercial cybersecurity providers. As a result, the Minnesota National Guard’s cyber defence team has been deployed to support recovery efforts and ensure continuity of essential services.

An executive order signed Tuesday acknowledges the attack’s scale and complexity, highlighting the urgent need for reinforced cyber protection. Governor Walz stated the National Guard will work with authorities “to restore cybersecurity as quickly as possible” and limit long-term damage. Saint Paul, home to over 311,000 residents, remains under heightened digital threat as investigations continue.

Closing Summary

If you are worried about any of the threats outlined in this bulletin, or need help determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.