According to an article written by Kevin Beaumont posted on Pulsar/Medium:
Spain’s largest telco company, Orange Spain, was recently knocked offline, cutting off access to the internet for an estimated four million subscribers.
The threat actor accessed Orange’s RIPE account. RIPE look after internet IP addresses, basically the phone book of the internet. From their RIPE details, they were able to announce config which broke BGP routing (think of the routing between networks, which tells the network where to route the calls).
They were able to get into the account using the password ‘ripeadmin’ and did not face any other verification because Orange had disabled 2FA.
Apparently, this issue is widespread, due to RIPE not requiring two-factor authentication on their accounts.
Currently, infostealer marketplaces are selling thousands of credentials to access.ripe.net — effectively allowing you to repeat this at organisations and ISPs across Europe.
Orange restored their account and were able to restore internet to affected customers after a few hours.
RIPE need to mandate MFA for all users at all times. ARIN did this in February 2023.
Later, they put out a press conference saying they were looking into forcing 2FA, but to be honest, it is kinda ridiculous that a company this size, with each customer having the potential to have this much impact, isn’t already enforcing strong passwords and multi-factor authentication.