TechRadar
Sead Fadilpašić

Orange Spain taken offline following massive cyberattack caused by "ridiculously weak" password

Orange Spain suffered a major outage earlier this week after a threat actor going by the alias “Snow” obtained a “ridiculously weak” password for an account that manages the global routing table and controls the networks that deliver the company’s internet traffic.

Apparently, an administrator’s computer was infected by infostealing malware, which harvested the “ripeadmin” password sometime in September 2023. Whoever harvested it then sold it on the dark web, probably to Snow, who used it to log into Orange’s RIPE NCC account.

As reported by Ars Technica, the RIPE Network Coordination Center is one of five Regional Internet Registries responsible for managing and allocating IP addresses to Internet service providers, telecommunication organizations, and companies that manage their own network infrastructure.

Sour Oranges

Once logged in, the hacker started making changes to the global routing table, which Orange uses to assign the traffic to different backbone providers. At first, the changes didn’t make much of a difference, but soon enough, “things got ugly”, as expert Doug Madory so vividly described in his technical writeup.

Long story short, Snow ended up turning an anti-route-hijacking tool into a denial of service for Orange users.

Orange España is the country’s second-biggest mobile operator, the media reported. In the aftermath, RIPE said it's working on ways to improve account security.

The worst part about the incident is that Snow’s motives are still unknown. Given the way the attacker behaved while changing the global routing table, the researchers speculate that they were simply experimenting with the access, seeing what could be done. There is even a chance that the attacker took things slowly in order to raise awareness of the weak password and only escalated when they saw mild reactions from the company.
