On the afternoon of January 3, Orange Spain customers suffered a widespread loss of internet connectivity that lasted for several hours. The interruption was caused by a cyberattack carried out by the user known on X as “Ms_Snow_OwO”, as Orange itself confirmed on its X account.
How is it possible to hack such an important company and knock down all its internet connectivity? The answer lies in not following the security advice we are tired of hearing about password security and keeping 2FA active.
A security failure at Orange causes the Spanish service to crash
To carry out the attack, the attacker simply accessed Orange Spain's account at the RIPE NCC, the organization that manages all IP addresses and infrastructure in Europe, the Middle East and Central Asia. In short, a fundamental service for keeping the internet running as we know it.
It was the hacker himself, on his X account and mentioning Orange, who explained in detail how he infiltrated Orange's RIPE account, stating that the “security of the password is very questionable.” He even published a video showing him accessing and viewing the operator's various IP records.
Months before, the attacker obtained the RIPE access password of one of the employees through an infection with the “Raccoon” malware, which can steal the keychain of the devices it runs on, according to the investigation carried out by Infostealers. The attacker also showed that the password was “ripeadmin”, which stands out for being extremely weak and not complying with any of the advice that we constantly repeat.
With this password, together with the email address '[email protected]' and the access service at 'https://access.ripe.net', it was not difficult for him to log in and change the AS number that belongs to the IP address of Orange Spain, causing the service drop seen on Wednesday, with a loss of 50% of traffic.
Once the intrusion was detected, there was no choice but to recover access to the RIPE account and begin removing the changed records that the attacker had introduced.
Investigations are already pointing, as mentioned above, to the Orange employee who stored the password on a computer infected with this malware. Such a weak password, with no second authentication factor and no periodic security checks, proved to be a real disaster, because a long time passed between the infection of the computer and the attack.
This is once again a reminder of how important it is to keep a secure password, enable 2FA on all compatible accounts and, above all, not download documents from untrusted sources. Without a doubt, Orange will have learned this lesson starting today.
At Genbeta we contacted Orange Spain about these images, the veracity of the password, and whether it is carrying out an internal investigation into this security breach. The response was the following:
Appropriate measures have been taken to ensure that such an incident is not repeated. As you know, the Orange account in the IP network coordination center (RIPE) suffered improper access that affected the browsing of some of our customers. The service has been restored since yesterday. We confirm that in no case has our customers' data been compromised; it has only affected the navigation of some services.
Via | Infostealers
Cover | Own elaboration by José Alberto