Administrator Account For Middle East Internet Registry Hacked

January 4, 2024 at 01:32PM

RIPE, the Regional Internet Registry for Europe, the Middle East, and Central Asia, is investigating a compromised administrator account that disrupted network traffic. The compromise affected some services and potentially other accounts, prompting RIPE to contact affected account holders. Additionally, a threat actor announced unauthorized access to a RIPE administrator account belonging to Orange Spain and disclosed the compromised email address. These incidents highlight the importance of multifactor authentication for account security.

RIPE, the Regional Internet Registry for Europe, the Middle East, and Central Asia, is investigating the compromise of a RIPE Network Coordination Center Access account. This compromise disrupted network traffic and resulted in a dip in internet traffic in the UAE and other Middle East nations.

A threat actor going by the moniker “Ms_Snow_OwO” announced on X that they had gained access to a RIPE administrator account belonging to telecommunications provider Orange Spain. The attacker also posted the compromised email address, causing “improper access” that affected some customers. It was later revealed that the account was compromised by the Raccoon infostealer malware in September 2023.

Additionally, security researchers reported that the attacker abused the Border Gateway Protocol (BGP) routing configuration for Orange and publicly disclosed the password, noting that the account did not have two-factor authentication enabled.

RIPE released a statement recommending that account holders enable multifactor authentication in the wake of the attack.
