Leaked creds of RIPE, APNIC, AFRINIC, and LACNIC are available on the Dark Web
After doing a comprehensive scan of the Dark Web, Resecurity discovered that info stealer infections had compromised over 1,572 customers of RIPE, the Asia-Pacific Network Information Centre (APNIC), the African Network Information Centre (AFRINIC), and the Latin America and Caribbean Network Information Center (LACNIC).
Included in this number are new artifacts and historical records discovered in January 2024 through an examination of underground marketplaces and Command and Control (C2) servers. In light of the highly disruptive hack recently carried out against the telecom provider Orange España, the cybersecurity community should reconsider how it protects the digital identities of employees who work in network engineering and IT infrastructure management.
Victims whose credentials were revealed on the Dark Web by info stealers such as Azorult, Redline, Vidar, Lumma, and Taurus have been alerted by Resecurity.
Cybersecurity experts were able to compile the following data using the feedback that was gathered:
- 16% of respondents were already aware that their accounts had been compromised by a malicious code infection, had made the required password changes, and had enabled two-factor authentication (2FA).
- The remaining 45% had not known about the compromised credentials and confirmed that they had since changed their passwords successfully.
- 14% knew of the compromised credentials but did not activate 2FA until they were notified (per the statement received).
- 20% of respondents agreed that further investigation into the incident that compromised the credentials was necessary.
- 5% of the recipients were unable to offer any comments.
Cyberespionage organizations active
It's noteworthy that the majority of the compromised network administrators (those found to have been infiltrated) used email addresses registered with free services like Gmail, GMX, and Yahoo for the networks they oversaw.
Cyberespionage organizations that are intensely focused on particular targets, including network administrators and their social networks, may find great value in these facts. Finding out about their private emails might result in more advanced campaigns and increase the chances of successful reconnaissance.
Malicious actors do more than just steal credentials. If they gain access to network settings, they might change current configurations or add rogue components, which could seriously damage company infrastructure.
Unauthorized changes of this nature have the potential to cause serious service interruptions and security breaches, which emphasizes how important it is to protect digital assets with strong security procedures and increased awareness.
The gathered data may confirm that personnel engaged in mission-critical IT administration and network engineering tasks are just as susceptible to malicious code infections as anyone else. If their accounts are compromised, they could serve as "low-hanging fruit" for significant cyberattacks.
What are experts saying?
Resecurity's cybersecurity specialists have drawn attention to the growing threats posed by the Dark Web, where nefarious actors could take advantage of credential compromises held by network engineers, data center technicians, ISP/Telco engineers, IT infrastructure managers, and outsourcing firms that oversee networks for their corporate customers.
Therefore, for highly skilled threat actors, this employee category represents a high-value target. Resecurity's Dark Web study highlighted the danger landscape by identifying several compromised network engineer credentials that could allow threat actors to access gateways.