Ransomware Attack on SFR by APT73 / BASHE Group

Company Profile

SFR, officially known as Société française du radiotéléphone, is the second-largest telecom operator in France, offering a wide range of services including mobile, broadband, and enterprise solutions. With an annual revenue of approximately €11 billion, SFR serves over 21.9 million mobile customers and provides high-speed internet access to around 6.35 million households across Metropolitan France.

Industry Standing

SFR stands out in the telecommunications industry for its extensive fiber optic network, significant market share, and commitment to digital innovation. The company's broad customer base and comprehensive service offerings make it a key player in the French telecom landscape.

Attack Overview

The APT73 / BASHE / BASHE ransomware group targeted SFR, claiming to have exfiltrated 1,445,684 records containing sensitive information such as names, phone numbers, addresses, geolocation data, subscription details, and redlist information. Despite SFR denying any breach, the hackers have threatened to release the stolen data for free by November 25th, escalating cybersecurity concerns in France.

Ransomware Group Profile

The APT73 / BASHE / BASHE group distinguishes itself through its aggressive tactics and data exfiltration strategies. This group has targeted multiple victims across various sectors, showcasing a capacity to quickly compromise organizations and extract valuable data.

Penetration Methods

The APT73 / BASHE / BASHE group likely penetrated SFR's systems through phishing emails, vulnerable software, or weak network security protocols. Their ability to exfiltrate a significant amount of data indicates a sophisticated approach to breaching the company's defenses.

Sources:

 
• Recorded Future - Ransomware Groups
 
• QuoIntelligence - Ransomware Dynamics
 
• WatchGuard - Ransomware Tracker
 
• Vectra AI - Threat Actors
 
• Infosecurity Magazine - Ransomware Groups