Orange Spain suffered an internet outage after an attacker gained access to the company’s RIPE NCC account and used it to tamper with the BGP routing data and RPKI configuration registered for its networks. BGP, the protocol that decides how traffic is routed between networks on the internet, has no built-in authentication, which is why it is exposed to hijacking and to the malicious redirection or blackholing of traffic. The threat actor, who goes by ‘Snow,’ changed the AS number recorded for Orange Spain’s IP address ranges and published an RPKI configuration that did not match the company’s real announcements, so those announcements stopped being accepted as valid. Services were being restored at the time of writing, but the incident shows that RPKI only protects a network’s routes if the registry account that publishes its RPKI data is itself protected.
The breach started with the compromise of Orange Spain’s RIPE account; the attacker then publicly taunted the company, telling it to contact them for new credentials. By changing the origin AS number associated with Orange Spain’s IP addresses and publishing route origin authorizations (ROAs) that did not match the company’s legitimate announcements, the attacker caused networks that perform RPKI route origin validation to classify those announcements as invalid and drop them, which is what took the affected prefixes off the internet. Orange Spain confirmed the unauthorized access to its RIPE account and the resulting disruption to customers’ browsing. The company stated that customer data was not compromised, but the incident underscores how much of BGP’s security rests on the registry data behind it and on the accounts that control that data.
The incident also points to the wider problem of information-stealing malware, whose harvested credentials are routinely used by threat actors to gain initial access to corporate accounts and networks. Orange Spain has not disclosed exactly how the RIPE account was breached, but a screenshot posted by the attacker showed the email address of the compromised account. Credential theft of this kind is common enough that a single password should never be the only thing standing in front of an account that controls routing data; two-factor or multi-factor authentication stops a stolen password from being enough on its own. Orange Spain’s work to restore service reflects the ongoing difficulty of securing critical internet infrastructure against such attacks.
The outage caused by the manipulation of BGP routing data and RPKI configuration shows that the consequences of such an incident go beyond service availability and reach the integrity of internet routing itself. RPKI, which lets networks check that an IP prefix is announced by the AS authorized to originate it, remains an important defence against BGP hijacking, but the same data that protects legitimate routes can be turned against them if the registry account that publishes it is not protected against unauthorized changes. As threats continue to evolve, operators need to secure those accounts and the rest of their routing infrastructure with the same rigour as any other critical system to keep internet services running without interruption.