ORA Group Information Data Breach

Alleged

Ransomware claim involving ORA Group Information.

Published: Jun 30, 2026 Pear
Threat Level
High
Confidence: High

Quick Summary

Company
ORA Group Information
Industry
Business Services
Threat Actor
Pear
Date of Incident
Jun 30, 2026
Status
Alleged

Executive Summary

ORA Group Information, a business services company based in France, has been listed as a victim by the Pear ransomware group. The incident was first identified on June 30, 2026, through SOCRadar’s Dark Web Monitoring service. This listing represents one of the rarer non-US targets for the Pear ransomware group, which primarily targets organizations in the United States.

Technical Analysis

Pear ransomware group has demonstrated a consistent targeting pattern, heavily favoring the business services, financial services, and construction sectors. While their primary focus is on victims in the United States, France and Norway occasionally appear in their victimology. The analysis of initial access for ORA Group Information did not reveal direct evidence of exposed credentials from the specific queried stealer-log telemetry. However, this absence does not confirm a lack of exposed credentials, as data can be sourced from various feeds, rotated before indexing, or harvested under different domains or aliases. It is recommended that CTI teams continue monitoring and implement proactive credential hygiene measures, rather than assuming complete security based on a null query result. The methods employed by ransomware groups like Pear often involve sourcing credentials from infostealer logs, using them to gain access to systems via Microsoft 365, VPNs, or remote access portals before deploying ransomware.

Is Your Organization Exposed on the Dark Web?

Enter your company domain to get a free dark web exposure report instantly.