Dark Web Breach: 1,572 Credentials Stolen from Major Internet Registries

Researchers at Resecurity have uncovered more than 1,570 stolen customer credentials circulating on the dark web for four of the five Regional Internet Registries (RIRs): RIPE NCC, APNIC, AFRINIC, and LACNIC. ARIN, the registry for North America, was not affected.

The credentials were harvested by infostealer malware on infected hosts, which puts the people who do network engineering and IT infrastructure management at particular risk.

Resecurity notified the affected organizations; the credentials had been collected by infostealer families such as Azorult, Redline, Vidar, Lumma, and Taurus. A follow-up survey of the notified parties found that:

  • 45% of respondents were unaware of the data compromise until notified.
  • 16% were already aware and had taken necessary security measures.
  • 14% were aware of the breach but enabled two-factor authentication (2FA) only after being notified.
  • 20% acknowledged the need for a more in-depth investigation of the incident.
  • 5% couldn’t provide feedback or locate a responsible person in their organization.

Among the affected entities were major financial institutions, research organizations, and IT consulting firms worldwide.

Alarmingly, many of the compromised registry accounts belonged to network administrators who had registered them with addresses on free mail providers such as Gmail, GMX, and Yahoo rather than with corporate accounts. An attacker who logs in to an organization's RIR account can alter its registry data and network settings, which creates direct risk for the enterprise infrastructure that depends on those records.
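As an added example (not part of Resecurity's report or tooling), the script below shows the triage a defender would run over a stealer-log dump to answer the two questions this article raises: which records are logins to an RIR portal, and how many of those accounts sit on a free-mail provider. The sample dump, its URL/USER/PASS record layout, and the list of free-mail domains are constructed assumptions for this example; the RIR domains are the registries' real registered domains, matched as whole labels so that a lookalike host such as `ripe.net.attacker-owned.example` is not counted.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Stealer-log excerpt constructed for this example. The URL/USER/PASS record
# layout is an assumption about how such dumps are formatted, not a copy of
# any real log. All credentials are fake.
SAMPLE_DUMP = """\
URL: https://access.ripe.net/
USER: noc-admin@gmail.com
PASS: hunter2
==================
URL: https://my.apnic.net/
USER: netops@example-bank.com
PASS: Winter2023!
==================
URL: https://www.youtube.com/
USER: someone@gmail.com
PASS: irrelevant
==================
URL: https://my.afrinic.net/login
USER: noc-admin@gmail.com
PASS: hunter2
==================
URL: https://ripe.net.attacker-owned.example/
USER: lookalike@gmail.com
PASS: bait
==================
URL: https://lacnic.net/
USER: ipadmin@yahoo.com
PASS: qwerty
"""

# Registered domains of the five RIRs, matched as whole labels (the domain
# itself or a subdomain of it), so lookalike hosts do not match.
RIR_DOMAINS = {
    "ripe.net": "RIPE NCC",
    "apnic.net": "APNIC",
    "afrinic.net": "AFRINIC",
    "lacnic.net": "LACNIC",
    "arin.net": "ARIN",
}

# Free-mail providers named in the article; an illustrative list, extend as needed.
FREEMAIL_DOMAINS = {"gmail.com", "gmx.com", "gmx.net", "gmx.de", "yahoo.com"}

FIELD_RE = re.compile(r"^(URL|USER|PASS):\s*(.*)$")


def parse_stealer_dump(text):
    """Split a URL/USER/PASS dump into a list of records (dicts)."""
    records, current = [], {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            current[m.group(1).lower()] = m.group(2).strip()
            continue
        # Any non-field line (separator, blank) closes the current record.
        if current:
            records.append(current)
            current = {}
    if current:
        records.append(current)
    return records


def rir_for_host(host):
    """Return the RIR name if host is an RIR domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    for domain, name in RIR_DOMAINS.items():
        if host == domain or host.endswith("." + domain):
            return name
    return None


def triage(records):
    """Flag RIR-portal logins and note which of them use free-mail accounts."""
    seen = set()
    rir_hits, freemail = [], set()
    per_rir = Counter()
    for rec in records:
        host = urlsplit(rec.get("url", "")).hostname or ""
        user = rec.get("user", "").lower()
        rir = rir_for_host(host)
        if rir is None or not user:
            continue
        if (rir, user) in seen:  # same account captured in several logs
            continue
        seen.add((rir, user))
        rir_hits.append({"rir": rir, "host": host, "user": user})
        per_rir[rir] += 1
        if "@" in user and user.rsplit("@", 1)[1] in FREEMAIL_DOMAINS:
            freemail.add(user)
    return {"rir_hits": rir_hits, "per_rir": per_rir, "freemail": sorted(freemail)}


if __name__ == "__main__":
    result = triage(parse_stealer_dump(SAMPLE_DUMP))
    for hit in result["rir_hits"]:
        print(f'{hit["rir"]:8} {hit["host"]:32} {hit["user"]}')
    print("per RIR:", dict(result["per_rir"]))
    print("free-mail registry accounts:", result["freemail"])
```

Run against the constructed dump, the script reports one account per affected RIR, ignores the YouTube record and the lookalike host, and lists the two registry accounts that are tied to free-mail addresses, which are the ones to reset first and move to corporate identities with 2FA enforced.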

Resecurity stresses that the dark web trade in such credentials is a growing risk. Beyond the registries themselves, the same stolen credentials could be used to reach identity management systems, virtualization platforms, cloud services, backup systems, and disaster recovery systems. Employees who manage networks and IT infrastructure are therefore high-value targets.