Orange Spain

Threat Actor updated 4 months ago (2024-05-04T22:18:47.539Z)
Orange Spain, a major Spanish network provider, was disrupted by a cyberattack on January 3, 2024. The threat actor known as 'Snow' compromised Orange Spain's RIPE account, leading to significant internet outages. This incident underscores the vulnerability of critical internet infrastructure and highlights the importance of robust cybersecurity measures. The outage was due to a misconfiguration of Border Gateway Protocol (BGP) routing and the implementation of an invalid Resource Public Key Infrastructure (RPKI) configuration. Felipe Cañizares, CTO of DMNTR Network Solutions, speculated that Orange Spain might not have implemented two-factor authentication on the account, potentially making it easier for the threat actor to gain unauthorized access. In response to the incident, Orange Spain acted swiftly to restore services and confirmed the unauthorized access to its RIPE account. This rapid response demonstrates their commitment to ensuring the integrity of their systems and services. Nevertheless, the event serves as a stark reminder of the potential risks associated with inadequate cybersecurity measures.
Description last updated: 2024-05-04T21:32:11.320Z
Aliases
We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Infostealer ...
Associated Malware
ID | Type | Votes | Profile Description
Raccoon | Unspecified | 2 | Raccoon is a type of malware, specifically an infostealer, used predominantly by the Scattered Spider threat actors to obtain login credentials, browser cookies, and histories. This malicious software, which is sold as Malware-as-a-Service (MaaS) on dark web forums, is both effective and inexpensive
Source Document References
Information about the Orange Spain Threat Actor was read from the documents corpus below.
Source | Created At | Title
CERT-EU | 8 months ago | Orange Spain Outage: BGP Traffic Hijacked by Threat Actor
CERT-EU | 8 months ago | Orange Spain Outage: BGP Traffic Hijacked by Threat Actor
CERT-EU | 8 months ago | Windows systems targeted by updated Bandook RAT
Checkpoint | 8 months ago | 8th January – Threat Intelligence Report - Check Point Research
CERT-EU | 8 months ago | Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware
DARKReading | 8 months ago | Administrator Account For Middle East Internet Registry Hacked
CERT-EU | 8 months ago | Infosec experts divided over 23andMe’s breach blame game
CERT-EU | 8 months ago | Hacker hijacked Orange Spain RIPE account causing internet outage to company customers - Security Affairs
CERT-EU | 8 months ago | Major Spanish network provider disrupted by cyberattack
CERT-EU | 7 months ago | Ransomware crews lean into infostealers for initial access
DARKReading | 8 months ago | Looted RIPE Credentials for Sale on the Dark Web