Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware

January 5, 2024 at 05:27AM

On January 3, Orange Spain experienced an internet outage due to a threat actor using stolen admin credentials to manipulate BGP traffic. Personal data was not compromised, but browsing services were affected. The incident was linked to an employee’s system infiltration by Raccoon Stealer malware. Security flaws in RIPE’s system were also exposed.

Reports indicate that Orange Spain experienced a significant internet outage after a threat actor used stolen administrator credentials to hijack Border Gateway Protocol (BGP) traffic. The hijack caused service disruptions and a 50% loss in traffic. The company emphasized that no personal data was compromised, although some browsing services were affected.

The threat actor, Ms_Snow_OwO, claimed to have accessed Orange Spain’s RIPE account and used it to change the AS number associated with Orange’s IP address space. The stolen account credentials were traced back to an employee’s computer that had been infected with Raccoon Stealer malware.
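The hijack described above works by changing the origin AS recorded for an operator's prefixes, so the defensive control is route-origin validation: comparing every observed BGP announcement against the prefix/origin-AS pairs the operator has actually authorised (the RPKI ROA model, with RFC 6811 validity states). The following is an added illustration of that check, not code from the article, from Orange or from RIPE NCC; the ROAs, prefixes (documentation ranges) and ASNs (private range) are constructed sample data, and the announcement list stands in for what a monitor would receive from a route collector.

```python
"""Route-origin validation monitor (added example, not from the article).

Models the RPKI-style check a network operator runs against observed BGP
announcements. An announcement whose origin AS is not authorised for a
covering prefix is exactly the signal that an attacker-altered origin AS,
as in the incident above, would produce. Sample data is constructed.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    """Route Origin Authorisation: prefix, authorised origin AS, max length."""
    prefix: ipaddress.IPv4Network | ipaddress.IPv6Network
    origin_asn: int
    max_length: int


@dataclass(frozen=True)
class Announcement:
    """A BGP announcement as seen by a monitor: prefix plus origin AS."""
    prefix: ipaddress.IPv4Network | ipaddress.IPv6Network
    origin_asn: int


def validate(ann: Announcement, roas: list[Roa]) -> str:
    """Return 'valid', 'invalid' or 'not-found' (RFC 6811 semantics)."""
    # Only ROAs of the same address family that cover the announced prefix count.
    covering = [
        r for r in roas
        if r.prefix.version == ann.prefix.version and ann.prefix.subnet_of(r.prefix)
    ]
    if not covering:
        return "not-found"  # no ROA says anything about this prefix
    for r in covering:
        # Valid only if the origin AS matches AND the prefix is not more
        # specific than the ROA permits (defeats more-specific hijacks).
        if r.origin_asn == ann.origin_asn and ann.prefix.prefixlen <= r.max_length:
            return "valid"
    return "invalid"


def find_alerts(anns: list[Announcement], roas: list[Roa]) -> list[tuple[str, int, str]]:
    """Return (prefix, origin_asn, reason) for announcements that fail validation."""
    alerts = []
    for ann in anns:
        state = validate(ann, roas)
        if state == "invalid":
            alerts.append((str(ann.prefix), ann.origin_asn, "origin AS or length not authorised"))
    return alerts


# Constructed sample ROAs: ASN 64500 (private range) is the legitimate origin
# for the documentation prefix 192.0.2.0/24, and may not announce anything
# more specific than a /24.
ROAS = [Roa(ipaddress.ip_network("192.0.2.0/24"), 64500, 24)]

# Constructed sample announcements, as a route collector might report them.
SAMPLE_ANNOUNCEMENTS = [
    Announcement(ipaddress.ip_network("192.0.2.0/24"), 64500),     # legitimate
    Announcement(ipaddress.ip_network("192.0.2.0/24"), 64501),     # wrong origin AS
    Announcement(ipaddress.ip_network("192.0.2.0/25"), 64500),     # too specific
    Announcement(ipaddress.ip_network("198.51.100.0/24"), 64502),  # no ROA at all
]


if __name__ == "__main__":
    for ann in SAMPLE_ANNOUNCEMENTS:
        print(f"{ann.prefix!s:18} AS{ann.origin_asn}  ->  {validate(ann, ROAS)}")
    for prefix, asn, reason in find_alerts(SAMPLE_ANNOUNCEMENTS, ROAS):
        print(f"ALERT {prefix} from AS{asn}: {reason}")
```

In practice an operator feeds this from a validated ROA cache and a BGP monitoring feed; the "not-found" state is why publishing ROAs for all of one's own space matters, since an unauthorised origin on a prefix with no ROA raises no alarm.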

The weak, predictable password on the RIPE administrator account, together with the absence of two-factor authentication (2FA) and of strong password requirements on RIPE accounts, also contributed to the compromise.

RIPE NCC is currently investigating the incident and reaching out to affected account holders. It has urged users to update their passwords and enable multi-factor authentication on their accounts. It also plans to expedite the rollout of 2FA for all RIPE NCC Access accounts and to introduce additional verification mechanisms.

This incident underscores the need for organizations to take steps to secure their networks from known initial attack vectors such as infostealer infections.
