Representatives of the RIPE NCC, which is one of the five regional Internet registrars (RIRs), said that unknown hackers tried to attack it.
Internet registrars like the RIPE NCC handle Internet resource allocation and related registration and coordination activities.In particular, the RIPE NCC manages the IP address space in Europe, the Middle East and parts of Central Asia. RIPE NCC members are more than 20,000 organizations in 75 countries (usually large ISPs and corporations) that act as local Internet registrars (LIRs) and distribute IP address space to other organizations and companies in their country.
This week, representatives of the RIPE NCC reported that recently they have noted an attempt to hack the organization.
Let me remind you that the term credential-stuffing refers to situations where usernames and passwords are stolen from some sites and then used against others. That is, the attackers have a ready-made database of credentials (purchased on the darknet, collected on their own, and so on) and try to use this data to log in to any sites and services under the guise of their victims.
RIPE NCC Access is used to log into all RIPE sites, including My LIR, Resources, RIPE Database, RIPE Labs, RIPEstat, RIPE Atlas, and the RIPE Meeting. Compromising any account could create huge problems, both for the organization itself and for the account holders.
The fact is that, for example, the RIPE NCC officially exhausted IPv4 addresses back in November 2019, and now there is a real hunt for IPv4 addresses all over the world: they are in great demand, including on the black market.
Although the investigation into the incident is still ongoing, it is already reported that the RIPE NCC specialists managed to resist the attack, and not a single account was eventually hacked. All members of your organization are now strongly encouraged to enable two-factor authentication for Access accounts.
Let me remind you, that CD Projekt Red, Cyberpunk 2077 developer fell victim to ransomware.