Orange Spain hack floods the dark web with credentials


Following the hacker attack suffered in early January by Orange Spain, the second largest mobile phone operator in that country, security researchers discovered hundreds of network operator credentials circulating on the dark web.

The breach, orchestrated by the hacker gang known as Snow, involved the hijacking of Orange Spain’s RIPE Network Coordination Centre (RIPE NCC) account, leading to changes to the network’s Border Gateway Protocol (BGP) routing and Resource Public Key Infrastructure (RPKI) settings. The incident interrupted services for three hours, raising concerns about the vulnerability of telecommunications operators and their network infrastructures.

In its monitoring of the dark web, Resecurity, a provider of endpoint protection and cybersecurity solutions, says it has discovered more than 1,572 customers compromised by the RIPE attack, from the Asia Pacific Network Information Centre (APNIC), the African Network Information Centre (AFRINIC) and the Latin America and Caribbean Network Information Centre (LACNIC), due to malware activity involving known password stealers such as Redline, Vidar, Lumma, Azorult and Taurus.

In a statement published on Monday, January 29, the company highlighted the dangers posed by hackers using the compromised credentials of ISP/telecommunications engineers, data center technicians, network engineers, IT infrastructure managers and outsourcing companies that are exposed on the dark web.

Compromised credentials, often priced as low as $10, can be sold by initial access brokers who collaborate with ransomware groups or sophisticated cybercriminals to orchestrate more significant attacks similar to the one on Orange Spain.

Resecurity provided examples of compromised accounts, including those at a large data center in Africa, a financial organization in Kenya, and a large IT consulting firm in Azerbaijan. Interestingly, most administrators of compromised networks used emails from free providers such as Gmail, GMX and Yahoo, providing valuable information to cyber espionage groups.

The company said it has notified affected victims, and that feedback statistics reveal varying levels of awareness and action among compromised individuals.


Sources: CisoAdvisor, Resecurity
