Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa.

Administrator Account for Middle East Internet Registry Hacked

The compromise reportedly led to corruption in the routing of a Spanish telecom provider's network.

Dark Reading Staff, Dark Reading

January 4, 2024

2 Min Read
Map of the Middle East with dots and lines
Source: Science Photo Library via Alamy Stock Photo

The Regional Internet Registry for Europe, the Middle East, and Central Asia is investigating the compromise of an administrator account that has disrupted network traffic.

In a statement, the registry, known as RIPE, said it is investigating the compromise of a RIPE Network Coordination Center Access account that "temporarily" affected "some services" for that account.

"Our Information Security team is continuing to investigate whether any other accounts have been affected. Account holders who might be affected will be contacted directly by us," the registry said in its statement.

RIPE is the regional database that contains all IP addresses and their owners for every country in the Middle East, as well as Europe and Asia.

Internet traffic in the United Arab Emirates and other Middle East nations showed a dip in network traffic overnight and at the start of today.

Orange Theory

This week, a threat actor going by the moniker "Ms_Snow_OwO" announced on X that they had gained access to a RIPE administrator account belonging to telecommunications provider Orange Spain. The attacker also posted the email address they were able to compromise. It was unclear if any other accounts had been hacked.

Orange Spain later announced it had "suffered improper access" that affected some customers, but that service was "practically restored."

Security researchers from Hudson Rock reported that the Orange Spain employee was infected by the Raccoon infostealer malware in September 2023, and their account had access credentials for The attacker abused the Border Gateway Protocol (BGP) routing configuration for Orange, the researchers noted.

The attacker publicly disclosed the password, claiming that the account did not have two-factor authentication enabled. Ironically, the Regional Internet Registry statement in the wake of the attack recommended that account holders enable multifactor authentication.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights