Orange Spain

Threat Actor updated 7 months ago (2024-05-04T22:18:47.539Z)

Download STIX

Preview STIX

Orange Spain, a major Spanish network provider, was disrupted by a cyberattack on January 3, 2024. The threat actor known as 'Snow' compromised Orange Spain's RIPE account, leading to significant internet outages. This incident underscores the vulnerability of critical internet infrastructure and highlights the importance of robust cybersecurity measures. The outage was due to a misconfiguration of Border Gateway Protocol (BGP) routing and the implementation of an invalid Resource Public Key Infrastructure (RPKI). Felipe Cañizares, CTO of DMNTR Network Solutions, speculated that Orange Spain might not have implemented two-factor authentication on the account, potentially making it easier for the threat actor to gain unauthorized access. In response to the incident, Orange Spain acted swiftly to restore services and confirmed the unauthorized access to its RIPE account. This rapid response demonstrates their commitment to ensuring the integrity of their systems and services. Nevertheless, the event serves as a stark reminder of the potential risks associated with inadequate cybersecurity measures.

Description last updated: 2024-05-04T21:32:11.320Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Infostealer ...

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Raccoon Malware is associated with Orange Spain. Raccoon is a malicious software (malware) developed by Russian-speaking coders, first spotted in April 2019. It was designed to steal sensitive data such as credit card information, email credentials, cryptocurrency wallets, and more from its victims. The malware is offered as a service (MaaS) for $	Unspecified	2

Source Document References

Information about the Orange Spain Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	10 months ago	Orange Spain Outage: BGP Traffic Hijacked by Threat Actor
CERT-EU	10 months ago	Orange Spain Outage: BGP Traffic Hijacked by Threat Actor
CERT-EU	10 months ago	Windows systems targeted by updated Bandook RAT
Checkpoint	10 months ago	8th January – Threat Intelligence Report - Check Point Research
CERT-EU	a year ago	Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware
DARKReading	a year ago	Administrator Account For Middle East Internet Registry Hacked
CERT-EU	a year ago	Infosec experts divided over 23andMe’s breach blame game
CERT-EU	a year ago	Hacker hijacked Orange Spain RIPE account causing internet outage to company customers - Security Affairs
CERT-EU	a year ago	Major Spanish network provider disrupted by cyberattack
CERT-EU	9 months ago	Ransomware crews lean into infostealers for initial access
DARKReading	10 months ago	Looted RIPE Credentials for Sale on the Dark Web