This manifested to Orange Spain users as service unavailability, at scale.
The threat actor accessed Orange's RIPE account.
RIPE look after internet IP addresses, basically the phone book of the internet.
Using those RIPE account details, they were able to publish configuration that broke BGP routing; think of BGP as the routing between networks that tells the network where to route the calls.
To administer a RIPE account, you use a website called access.ripe.net.
The threat actor actually posted this screenshot themselves on social media, directed at Orange, earlier today, while goading them.
You may notice two-step authentication is disabled: RIPE don't require it, and it isn't enabled by default for new accounts either.
There is no sane password policy at RIPE: you can use borisjohnson as your password. In other words, it is a powder keg.
The credentials for the account in question have been in infostealer logs since August last year, with the details resold onwards.
Currently, infostealer marketplaces are selling thousands of credentials for access.ripe.net, effectively allowing the same attack to be repeated against organisations and ISPs across Europe.
Orange got on top of it, reverted the changes and got customers back online.
Well, I don't think that - I know it isn't, as credentials are already everywhere.
Follow me on Mastodon for more insanity as it happens.
This Cyber News was published on doublepulsar.com. Publication date: Wed, 03 Jan 2024 23:14:25 +0000