Security News > 2024 > January > Hacker hijacks Orange Spain RIPE account to cause BGP havoc
Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration.
"Resource Public Key Infrastructure is a cryptographic method of signing records that associate a BGP route announcement with the correct originating AS number," explains a Cloudflare article on RPKI. By enabling RPKI with a routing body such as ARIN or RIPE, a network can cryptographically certify that only routers under their control can advertise an AS number and their associated IP addresses.
Yesterday, a threat actor named 'Snow' breached the RIPE account of Orange Spain and tweeted to Orange Spain to contact them about getting new credentials.
Orange Spain has since confirmed that their RIPE account was hacked and has begun to restore services.
While it is unclear how the threat actor breached their RIPE account, Cañizares told BleepingComputer that he believes Orange Spain did not enable two-factor authentication on the account.
BleepingComputer contacted Orange Spain with questions about the attack but has not received a reply at this time.