A hacker attack on the Spanish telecommunications operator Orange Spain caused an Internet outage. The attack was carried out by compromising the company's account at RIPE NCC (Réseaux IP Européens Network Coordination Centre), which led to changes to its BGP (Border Gateway Protocol) and RPKI (Resource Public Key Infrastructure) configuration.
BGP is responsible for routing traffic on the Internet, allowing organizations to associate their IP addresses with autonomous systems (Autonomous System, AS) and announce them to other routers. However, the protocol is based on trust: when IP ranges that normally belong to another AS number are announced, it is possible to redirect traffic to malicious sites or networks.
To prevent such attacks, the RPKI standard was created as a cryptographic defense against BGP hijacking. Using RPKI, a network can cryptographically confirm that only routers under its control can announce an AS number and the IP addresses associated with it.
A hacker known by the name “Snow” compromised the Orange Spain account, changed the AS number associated with the company's IP addresses, and also enabled an invalid RPKI configuration. As a result, the IP addresses were no longer announced properly on the Internet, causing malfunctions of the Orange Spain network from 14:45 to 16:15 UTC.
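Why an invalid RPKI configuration makes otherwise unchanged announcements unreachable can be shown with route origin validation as specified in RFC 6811. This is an added example, not part of the original article; the prefixes and AS numbers are documentation placeholders rather than Orange Spain's real values, and the tampering is modelled, as an assumption, as a ROA that authorizes a different origin AS.

```python
import ipaddress
from typing import NamedTuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

class ROA(NamedTuple):
    """Route Origin Authorization: who may originate which prefix."""
    prefix: Network
    max_length: int   # longest prefix length the origin AS may announce
    origin_as: int

def roa(prefix: str, max_length: int, origin_as: int) -> ROA:
    return ROA(ipaddress.ip_network(prefix), max_length, origin_as)

def validate(route_prefix: str, origin_as: int, roas: list) -> str:
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for r in roas:
        # A ROA only applies if it covers the announced prefix.
        if route.version != r.prefix.version or not route.subnet_of(r.prefix):
            continue
        covered = True
        # One matching ROA (same origin, length within maxLength) is enough.
        if r.origin_as == origin_as and route.prefixlen <= r.max_length:
            return "valid"
    # Covered by at least one ROA but matched by none: invalid.
    return "invalid" if covered else "not-found"

# Constructed sample data (documentation prefix and documentation ASNs).
OPERATOR_AS = 64496
FOREIGN_AS = 64511
ROAS_BEFORE = [roa("192.0.2.0/24", 24, OPERATOR_AS)]  # legitimate ROA
ROAS_AFTER = [roa("192.0.2.0/24", 24, FOREIGN_AS)]    # ROA after tampering

if __name__ == "__main__":
    # The operator's routers keep announcing the same route throughout.
    for label, roas in (("before", ROAS_BEFORE), ("after", ROAS_AFTER)):
        state = validate("192.0.2.0/24", OPERATOR_AS, roas)
        print(f"{label}: 192.0.2.0/24 from AS{OPERATOR_AS} is {state}")
    # Networks that enforce origin validation drop 'invalid' routes, so the
    # prefix becomes unreachable although the BGP announcement never changed.
```

Monitoring the validation state of your own announcements against the published ROAs gives early warning of this kind of registry-side change.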
Orange Spain confirmed that its RIPE account had been compromised and began restoring services. The company assured that customer data was not compromised and that the failure affected only browsing on some services.
Although Orange Spain did not reveal how its RIPE account was hacked, it is assumed that the compromise occurred due to the lack of two-factor authentication. The Raccoon Stealer infostealer is indicated as a possible source of the data leak: the email and password for the RIPE account were found in a list of accounts stolen by this malware.
On September 4, 2023, an Orange employee's computer was infected with Raccoon Stealer, and among the corporate credentials identified on the computer, the