Orange España, the second-largest mobile operator in Spain, fell victim to a cyber-attack earlier this month, resulting in a disruption of mobile services lasting over three hours. Subsequent investigations by a group of security researchers unveiled that the assailants, identified as the hacking group “Snow,” successfully breached Orange España’s RIPE Network Coordination Centre. This intrusion led to configuration errors in the public key infrastructure and border gateway protocol.
In the aftermath, a study conducted by Resecurity uncovered that the cyber-attack also resulted in the compromise of credentials for more than 1572 computer networks. Among the affected entities were a Kenya-based IT firm, a sizable IT firm in Azerbaijan, and a multinational data center in Africa.
The attackers executed a password theft campaign by deploying data-stealing malware such as Lumma, Azorult, Vidar, Redline, and Taurus within the organizational networks. These malicious programs targeted credentials used by data center administrators, ISP engineers, telecom administrators, network engineers, IT managers, and technology outsourcing companies.
Such network compromises often pave the way for ransomware attacks and the unauthorized extraction of intellectual property.
Typically, threat actors either sell the pilfered data for $10 each or collaborate with other cybercriminals to profit from activities like phishing attacks. Notably, Orange España had previously disclosed details of the Aadhaar data breach affecting over 850 million Indian citizens in October 2023.
In response to these escalating cybersecurity challenges, Resecurity has initiated a partnership with Cybercrime Atlas to combat global cybercrime networks. This collaboration, announced at the World Economic Forum’s Center, involves expertise from more than 40 public and private entities working together to provide technical support for this groundbreaking project.
