Orange Spain, the Spanish unit of French telecoms provider Orange, suffered an internet outage after a hacker compromised the company’s RIPE account, leading to the misconfiguration of its Border Gateway Protocol (BGP) routing and Resource Public Key Infrastructure (RPKI) settings.
BGP, the protocol responsible for routing internet traffic, moves data efficiently by associating IP address ranges with autonomous system (AS) numbers. When malicious actors associate IP ranges with a different AS number, they can redirect traffic, potentially leading to harmful consequences.
The hacker, known online as ‘Snow,’ breached the RIPE account, manipulating the AS number and RPKI configuration, causing the IP addresses to be improperly announced on the internet.
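Why a changed origin AS in RPKI data can make a network's own announcements be rejected, as an added example that is not from the article, Orange or RIPE: it implements route origin validation as defined in RFC 6811 and lists the announcements that flip from valid to invalid after a change. All prefixes and AS numbers are constructed documentation values, and `newly_invalid` is a hypothetical helper name.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: str       # covering prefix authorized by the resource holder
    max_length: int   # longest prefix length the origin may announce
    origin_as: int    # AS number authorized to originate the prefix

def validate(prefix, origin_as, roas):
    """RFC 6811 origin validation: returns 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue  # this ROA does not cover the announced prefix
        covered = True
        # An AS0 ROA never matches a route; otherwise origin and length must fit.
        if (roa.origin_as != 0 and roa.origin_as == origin_as
                and net.prefixlen <= roa.max_length):
            return "valid"
    # Covered by at least one ROA but matched by none means invalid.
    return "invalid" if covered else "not-found"

def newly_invalid(announcements, roas_before, roas_after):
    """Announcements that were valid before a ROA change and invalid after it."""
    return [(p, a) for p, a in announcements
            if validate(p, a, roas_before) == "valid"
            and validate(p, a, roas_after) == "invalid"]

# Constructed sample data (RFC 5737 / RFC 3849 prefixes, RFC 5398 AS numbers).
ROAS_BEFORE = [ROA("192.0.2.0/24", 24, 64500), ROA("2001:db8::/32", 48, 64500)]
# Same ROAs after the IPv4 origin was changed to an unrelated AS.
ROAS_AFTER = [ROA("192.0.2.0/24", 24, 64511), ROA("2001:db8::/32", 48, 64500)]
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64500),
    ("2001:db8:1::/48", 64500),
    ("198.51.100.0/24", 64500),  # no covering ROA at all
]

if __name__ == "__main__":
    for p, a in ANNOUNCEMENTS:
        print(p, f"AS{a}", validate(p, a, ROAS_BEFORE), "->",
              validate(p, a, ROAS_AFTER))
    print("newly invalid:", newly_invalid(ANNOUNCEMENTS, ROAS_BEFORE, ROAS_AFTER))
```

Running the same comparison against each new snapshot of validated ROA data for your own prefixes gives an early signal that published RPKI objects no longer match what you announce.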
Following the announcement of the hack, the attacker instructed Orange Spain to send a private message to obtain the new credentials, a request the company apparently complied with.
Felipe Cañizares, CTO of DMNTR Network Solutions, shared a technical description of the breach (written in Spanish) in a series of posts on X (formerly Twitter).
Orange Spain has confirmed unauthorized access to its RIPE account and said that no customer data was compromised.
Following the incident, the RIPE NCC released a statement saying that an investigation has been launched.
“We have restored access to the legitimate account holder and are working closely with them to ensure the integrity of the account. Our Information Security team is continuing to investigate whether any other accounts have been affected. Account holders who might be affected will be contacted directly by us,” the organization said.
“We encourage account holders to please update their passwords and enable multi-factor authentication for their accounts,” it added.