Hackers Exchanging Hundreds Of Network Operators’ Credentials on Dark Web

A recent cyberattack on Orange España highlights the vulnerability of telecom network personnel and the critical need for improved digital hygiene. 

Hackers are actively targeting network engineers and IT infrastructure managers, seeking access to the organization’s sensitive data and infrastructure.

This alarming report by Resecurity reveals a disturbing trend: hundreds of network engineers’ credentials for organizations worldwide are being sold on the dark web. 

Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

These compromised credentials grant attackers access to sensitive systems and data, potentially leading to devastating cyberattacks.

In January 2024, attackers hijacked an Orange España employee’s computer, stealing credentials for their RIPE NCC account. 

This granted them access to manipulate the telecom's network settings, causing a widespread internet outage. 
This granted them access to manipulate the telecom’s network settings, causing a widespread internet outage. 

The Dark Web: A Hunting Ground for Credentials

Resecurity’s investigation uncovered over 1,500 compromised credentials for regional internet registries, including RIPE, APNIC, AFRINIC, and LACNIC. 

These credentials were likely stolen by info stealers, malware designed to silently collect sensitive information. 

Worryingly, some credentials were offered for as little as $10, making them readily accessible to cybercriminals.

Beyond Credential Theft

Stolen credentials can be used for more than just disrupting services. They can also grant access to:

  • Enterprise Identity and Access Management (IAM) systems: This could allow attackers to steal sensitive data or grant unauthorized access to other systems.
  • Virtualization systems: This could allow attackers to manipulate virtual machines and disrupt critical operations.
  • Cloud providers: This could expose sensitive data stored in the cloud or allow attackers to launch further attacks from within the cloud environment.
  • Backup and disaster recovery systems: This could prevent organizations from recovering from cyberattacks or natural disasters.

Protecting Network: Steps to Take Now

  • Implement multi-factor authentication (MFA) for all accounts: This adds an extra layer of security by requiring a second factor, like a code from the phone, to log in.
  • Educate employees about cyber security best practices: Teach employees to be wary of phishing emails, suspicious links, and malware.
  • Regularly monitor the dark web for compromised credentials: Services like Resecurity can help you identify and address compromised credentials before they are used in an attack.
  • Patch systems and software regularly: This helps to close security vulnerabilities that attackers can exploit.
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.