Orion Registrar Inc. Data Breach

Alleged

Ransomware claim involving Orion Registrar Inc.

Published: Jun 30, 2026
Threat Level: High
Confidence: High

Quick Summary

Status: Alleged
Company: Orion Registrar Inc.
Industry: Business Services
Date of Incident: Jun 30, 2026

Executive Summary

Orion Registrar Inc., a business services company based in Germany, has been listed as a victim by the Settra ransomware group. The listing was published on June 30, 2026, as detected by SOCRadar’s Dark Web Monitoring. Settra has been actively targeting organizations, with a particular focus on the business services, technology, and consumer services sectors. The United States, France, and Tunisia are identified as the primary geographical targets for the group.

Technical Analysis

SOCRadar’s analysis of stealer-log telemetry revealed a severe exposure tied to Orion Registrar Inc.’s domain, orion4value.com. The exposure comprised five records of internal employee credentials for Microsoft Entra ID and carries a significant corporate intrusion risk. The presence of consistent Azure AD tenant identifiers and repeated corporate usernames suggests a targeted attack on a specific organizational directory. The credential exposure window spanned from November 2025 to May 14, 2026, indicating potential ongoing compromise or unrotated credentials. For ransomware groups like Settra, harvested credentials of this kind are a common initial access vector, letting them reach corporate systems via Microsoft 365, VPNs, or remote access portals before deploying ransomware. While this data alone does not confirm direct attribution, the exposure of Entra ID credentials represents a critical identity-infrastructure access risk. CTI teams are advised to implement urgent measures, including immediate password resets, token revocation, review of sign-in logs, and conditional-access hardening.