The Register reports that significant outages have impacted Orange Spain, the country's second-largest network provider, following the compromise of its account with RIPE, the regional internet registry used by Europe, the Middle East, and Central Asia.
One of Orange Spain's employee accounts was infiltrated by information-stealing malware deployed by the threat actor dubbed "Snow," who was then able to exfiltrate the network provider's RIPE account credentials, which were found to be "ripeadmin."
The compromise was followed by the takeover of Orange Spain's Border Gateway Protocol (BGP) traffic, resulting in the outage, as well as modifications to the provider's route origin authorizations (ROAs).
"Orange Spain has had their /12 [ROA records] (and likely others) broken by (what appears to be) someone breaking into their RIPE account and making RPKI ROA's to somewhere else," said Port 179 Director Ben Cartwright-Cox.
Meanwhile, Hudson Rock pointed to the incident to emphasize the significant threat posed by infostealer compromise.
"It is important to routinely check your organizational exposure to infostealer infections which are the top initial attack vector for threat actors to access corporate and customer accounts," said Hudson Rock.
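Why altered ROAs can take a network's routes down, shown as an added example that is not from the article: RFC 6811 route origin validation run over a ROA set before and after an unauthorized change, plus a check an operator could run against each new ROA snapshot. The prefixes, AS numbers (private and documentation ranges) and function names are constructed for illustration.

```python
import ipaddress
from typing import Iterable, List, NamedTuple, Tuple

class ROA(NamedTuple):
    prefix: str       # prefix the ROA authorizes
    max_length: int   # longest prefix length allowed under it
    asn: int          # AS authorized to originate it

def rov_state(route_prefix: str, origin_asn: int, roas: Iterable[ROA]) -> str:
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA only applies if it covers the announced prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        if roa.asn == origin_asn and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered by at least one ROA but matched by none: validating
    # routers treat the announcement as invalid and typically drop it.
    return "invalid" if covered else "not-found"

def broken_announcements(announced: Iterable[Tuple[str, int]],
                         roas: List[ROA]) -> List[Tuple[str, int]]:
    """Our own announcements that the given ROA set makes RPKI-invalid."""
    return [(p, a) for p, a in announced if rov_state(p, a, roas) == "invalid"]

# Constructed sample data (not the real prefixes or AS numbers).
OUR_ASN, OTHER_ASN = 64500, 64511
ANNOUNCED = [("10.0.0.0/12", OUR_ASN), ("10.0.0.0/16", OUR_ASN),
             ("192.0.2.0/24", OUR_ASN)]
ROAS_BEFORE = [ROA("10.0.0.0/12", 16, OUR_ASN)]
ROAS_AFTER = [ROA("10.0.0.0/12", 12, OTHER_ASN)]  # ROA now names another AS

if __name__ == "__main__":
    for label, roas in (("before", ROAS_BEFORE), ("after", ROAS_AFTER)):
        for prefix, asn in ANNOUNCED:
            print(label, prefix, f"AS{asn}", rov_state(prefix, asn, roas))
        print(label, "alert on:", broken_announcements(ANNOUNCED, roas))
```

Running `broken_announcements` against every fresh ROA snapshot turns an unexpected ROA edit into an alert before the "invalid" state propagates to validating peers.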