Jan 06, 2024 | Posted by Abdul-Rahman Oladimeji
Orange has noted that a weak password to its RIPE account was the primary cause of the outage at Orange Spain disrupted close to half of its network traffic earlier this week. This outage lasted for about three hours on January 4 after a hacker manipulated crucial information about the company’s Internet infrastructure.
The attacker breached the RIPE account, which is the regional database that contains all IP addresses and their owners in Europe, the Middle East, and Central Asia. By breaching this account, the hacker was able to misconfigure BGP (Border Gateway Protocol) routing and an RPKI configuration.
An individual operating under the alias of "Snow" claimed responsibility for the attack and explained on social media that they were able to breach the account with the password "ripeadmin", noting that 2FA (two-factor authentication) and "SE" were not in use.
Orange España wrote on X after the hacker shared images of their administrative account access, "The Orange account in the IP network coordination center (RIPE) has suffered improper access that has affected the browsing of some of our customers. Service is practically restored. We confirm that in no case is the data of our clients compromised, it has only affected the navigation of some services."
