Infostealer infection of an Orange employee results in BGP disruptions

Earlier today, as reported by BleepingComputer, a threat actor named “Ms_Snow_OwO” tweeted that they’ve gained access to a RIPE administrator account belonging to Orange Spain:

Using the stolen account, the threat actor modified the AS number associated with Orange's IP address space, resulting in major disruptions to Orange and a 50% loss in traffic.

source: https://www.bleepingcomputer.com/news/security/hacker-hijacks-orange-spain-ripe-account-to-cause-bgp-havoc/
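The disruption described above came from changing the origin AS recorded for address space Orange operates. A defender can catch this class of tampering by periodically pulling the route objects for its own prefixes and diffing the `origin:` attribute against a known-good list. The script below is an added example, not code from the original post or from Hudson Rock: it parses a constructed RPSL snapshot in the format returned by the RIPE database (the prefixes and AS numbers are documentation placeholders, not Orange's) and reports every prefix whose origin differs from what the operator expects, or which has gone missing.

```python
"""Detect unexpected origin-AS changes in RIPE route objects.

Added example for illustration only. The RPSL snapshot, prefixes and AS
numbers below are constructed placeholders, not data from the incident.
"""
import re
from typing import Dict, List, Tuple

# Known-good origin for each prefix the organization announces (constructed).
EXPECTED_ORIGINS: Dict[str, str] = {
    "192.0.2.0/24": "AS64500",
    "198.51.100.0/24": "AS64500",
    "203.0.113.0/24": "AS64500",
}

# Constructed snapshot resembling `whois -h whois.ripe.net` output for the
# prefixes above. The second object has been altered so its origin points at
# an AS the operator does not control.
SNAPSHOT = """\
route:          192.0.2.0/24
descr:          EXAMPLE-NET block A
origin:         AS64500
mnt-by:         EXAMPLE-MNT
source:         RIPE

route:          198.51.100.0/24
descr:          EXAMPLE-NET block B
origin:         AS64511
mnt-by:         EXAMPLE-MNT
source:         RIPE

route:          203.0.113.0/24
descr:          EXAMPLE-NET block C
origin:         AS64500
mnt-by:         EXAMPLE-MNT
source:         RIPE
"""


def parse_route_objects(text: str) -> List[Dict[str, str]]:
    """Split RPSL text into blank-line separated objects and return one
    attribute dict per route object. Only the first value of a repeated
    attribute is kept, which is enough for route/origin comparison."""
    objects: List[Dict[str, str]] = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs: Dict[str, str] = {}
        for line in block.splitlines():
            m = re.match(r"^([a-z0-9-]+):\s*(.*)$", line)
            if m and m.group(1) not in attrs:
                attrs[m.group(1)] = m.group(2).strip()
        if "route" in attrs:
            objects.append(attrs)
    return objects


def find_origin_mismatches(text: str, expected: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (prefix, expected_origin, observed_origin) for every expected
    prefix whose route object is missing or carries a different origin."""
    observed = {o["route"]: o.get("origin", "") for o in parse_route_objects(text)}
    findings: List[Tuple[str, str, str]] = []
    for prefix, exp in sorted(expected.items()):
        obs = observed.get(prefix)
        if obs is None:
            findings.append((prefix, exp, "MISSING"))
        elif obs.upper() != exp.upper():
            findings.append((prefix, exp, obs))
    return findings


if __name__ == "__main__":
    for prefix, exp, obs in find_origin_mismatches(SNAPSHOT, EXPECTED_ORIGINS):
        print(f"ALERT {prefix}: expected origin {exp}, registry shows {obs}")
```

In production the snapshot would be fetched on a schedule from the registry rather than embedded, and a non-empty result would page the network team; the comparison logic itself is unchanged.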

The threat actor posted an additional tweet in which they show the email address of the account they took over:

Image shared by the threat actor showing the email of the compromised employee

This enabled Hudson Rock researchers to investigate the email address and identify that it is associated with the computer of an Orange Spain employee which was infected by an infostealer earlier this year.

The Orange employee's computer was infected by a Raccoon-type infostealer on September 4th, 2023, and among the corporate credentials identified on the machine were specific credentials for “https://access.ripe.net” using the email address that was revealed by the threat actor (adminripe-ipnt@orange.es).

It is also worth noting that the password used on Orange's RIPE administrator account was “ripeadmin”, which is ridiculously weak.

Image taken from Hudson Rock’s Cavalier platform

Hudson Rock can confirm with high certainty that this is how the threat actor was able to infiltrate the RIPE administrator account.

This attack again illustrates how a single infostealer infection could be detrimental to any company.

It is important to routinely check your organizational exposure to infostealer infections, which are the top initial attack vector for threat actors seeking access to corporate and customer accounts.

To learn more about how Hudson Rock protects companies from imminent intrusions caused by info-stealer infections of employees, partners, and users, as well as how we enrich existing cybersecurity solutions with our cybercrime intelligence API, please schedule a call with us, here: https://www.hudsonrock.com/schedule-demo

We also provide access to various free cybercrime intelligence tools that you can find here: www.hudsonrock.com/free-tools

Thanks for reading, Rock Hudson Rock!

Follow us on LinkedIn: https://www.linkedin.com/company/hudson-rock

Follow us on Twitter: https://www.twitter.com/RockHudsonRock
