Hundreds of network operators’ credentials have been discovered circulating on the dark web following a major cybersecurity breach at Orange España, Spain’s second-largest mobile operator. The breach, which was carried out by an entity known as “Snow,” involved the hijacking of Orange España’s RIPE Network Coordination Centre (NCC) account, resulting in disruptive alterations in border gateway protocol (BGP) and resource public key infrastructure (RPKI) configurations.
The incident, which occurred earlier this month, led to a three-hour service outage, raising concerns about the vulnerabilities of telecom carriers and their associated network infrastructures.
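As an added illustration (not part of the original article) of why tampering with RPKI data through a hijacked RIR account can take a carrier's routes offline, the RFC 6811 route-origin-validation check below, written with constructed documentation prefixes and AS numbers, shows a legitimate announcement flipping from "valid" to "invalid" once a covering ROA's origin AS is changed; peers that enforce ROV then drop that route. The audit function is the defender-side check an operator can run against its own published ROAs.

```python
"""Route Origin Validation (RFC 6811) over a constructed ROA set.

Shows why an unauthorised ROA edit in an RIR portal can take a
network's own routes off the Internet: ROV-enforcing peers drop
announcements whose origin AS no longer matches any covering ROA.
All prefixes and AS numbers here are constructed documentation values.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    prefix: str      # e.g. "203.0.113.0/24"
    origin_asn: int  # AS authorised to originate the prefix
    max_length: int  # longest prefix length the ROA permits


def covering_roas(announced, roas):
    """ROAs whose prefix contains the announced prefix (same address family)."""
    net = ipaddress.ip_network(announced, strict=False)
    out = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=False)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            out.append(roa)
    return out


def validate_route(announced, origin_asn, roas):
    """Return 'valid', 'invalid' or 'notfound' per RFC 6811 section 2."""
    net = ipaddress.ip_network(announced, strict=False)
    covering = covering_roas(announced, roas)
    if not covering:
        return "notfound"  # no ROA covers this prefix at all
    for roa in covering:
        if roa.origin_asn == origin_asn and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"  # covered, but no ROA matches origin AS and length


def audit_announcements(announcements, roas):
    """Defender-side check: list every own announcement that is not 'valid'."""
    problems = []
    for prefix, asn in announcements:
        state = validate_route(prefix, asn, roas)
        if state != "valid":
            problems.append((prefix, asn, state))
    return problems


# Constructed scenario: the operator is AS64500 and announces two prefixes.
OWN_ANNOUNCEMENTS = [("203.0.113.0/24", 64500), ("2001:db8:100::/48", 64500)]
# ROAs as the operator published them.
ROAS_BEFORE = [Roa("203.0.113.0/24", 64500, 24), Roa("2001:db8:100::/48", 64500, 48)]
# ROAs after someone with access to the RIR account rewrites one origin AS.
ROAS_AFTER = [Roa("203.0.113.0/24", 64501, 24), Roa("2001:db8:100::/48", 64500, 48)]

if __name__ == "__main__":
    print("before:", audit_announcements(OWN_ANNOUNCEMENTS, ROAS_BEFORE))
    print("after: ", audit_announcements(OWN_ANNOUNCEMENTS, ROAS_AFTER))
```

Running the audit periodically against the RIR's published ROA set, and alerting when any own prefix is reported as anything other than "valid", surfaces a hostile ROA change before the routes are withdrawn by peers.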
After conducting dark web monitoring, Resecurity uncovered over 1572 compromised customers from RIPE, Asia-Pacific Network Information Centre (APNIC), African Network Information Centre (AFRINIC), and the Latin America and Caribbean Network Information Center (LACNIC) due to malware activities involving password stealers like Redline, Vidar, Lumma, Azorult, and Taurus.
In an advisory published on Monday, the firm highlighted the risks stemming from dark web actors utilizing compromised credentials of ISP/telecom engineers, data-center technicians, network engineers, IT infrastructure managers, and outsourcing companies. These compromised credentials, which are often priced as low as $10, could be exploited by initial access brokers collaborating with ransomware groups or sophisticated cybercriminals to carry out more significant attacks similar to the Orange España incident.
Resecurity provided examples of compromised accounts, including those from a large data center in Africa, a financial organization in Kenya, and a large IT consulting firm in Azerbaijan. The consequences of such compromises extend beyond mere credential theft, potentially leading to unauthorized modifications of network settings, causing disruption to services and security breaches.
Remarkably, most of the compromised network administrators used email addresses from free providers like Gmail, GMX, and Yahoo, which provides valuable information to cyber-espionage groups. Resecurity emphasized the critical need for robust digital identity protection programs to safeguard infrastructure and customers, given the potential for malicious actors to exploit compromised accounts for more sophisticated campaigns.
The company stated that it has notified affected victims, and feedback statistics reveal varying levels of awareness and action among compromised individuals.
The discovery of hundreds of network operators’ credentials circulating on the dark web serves as a clear indicator of the ongoing threat posed by cybercriminals to the telecommunications and network infrastructure industry. The breach at Orange España and the subsequent discovery of compromised credentials underscore the need for heightened cybersecurity measures and vigilance to protect against such malicious activities.
Security experts and industry professionals emphasize the importance of implementing strong authentication processes, regularly updating passwords, and investing in robust cybersecurity solutions to mitigate the risks associated with credential theft and potential network breaches. The vulnerabilities exposed by the breach at Orange España highlight the need for continuous monitoring and proactive measures to identify and address potential weaknesses in network security.
Additionally, the prevalence of compromised credentials from a wide range of network operators underscores the global scope of the threat posed by cybercriminals operating on the dark web. The collaborative efforts of law enforcement agencies, cybersecurity firms, and industry stakeholders are crucial in combating these threats and preventing future breaches from occurring.
As the telecommunications industry continues to play an indispensable role in global connectivity and communication, protecting the integrity and security of network infrastructure is paramount. The recent breach at Orange España and the subsequent discovery of compromised credentials highlight the urgency of implementing robust cybersecurity measures to safeguard against potential threats and protect the interests of customers and network operators alike.