Security News > 2024 > January > Hundreds of network operators’ credentials found circulating in Dark Web

After the recent incident involving Orange España and the leakage of credentials from the RIPE NCC portal, which led to a major outage, the cybersecurity community needs to reconsider the digital identity protection for staff engaged in network engineering and IT infrastructure management.

Cybersecurity experts outlined the risks originating from Dark Web actors leveraging compromised credentials belonging to ISP/Telcom engineers, Data-Center Technicians, Network Engineers, IT Infrastructure Managers and Outsourcing companies.

Some independent actors were found selling RIPE credentials at a higher price, including cookies, proxy access, or remote access through malicious code planted on the victim's system.

As an example of compromised RIPE accounts, Resecurity outlined compromised access credentials belonging to a major data center and one of the largest vendors providing international-scale network telephony connectivity to governmental and national telecom providers in Africa.

Resecurity has notified the victims who's credentials to RIPE, APNIC, AFRINIC and LACNIC customer portals were compromised by password stealers and exposed on the Dark Web.

Several victims, particularly network engineers identified in the datasets acquired from the Dark Web, also had their credentials to enterprise identity and access management, virtualization systems, various cloud providers, and backup and disaster recovery solutions compromised.

News URL

https://www.helpnetsecurity.com/2024/01/30/network-operators-compromised-credentials/