Hacker hijacks Orange Spain RIPE account to cause BGP havoc

Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration.
The routing of traffic on the internet is handled by Border Gateway Protocol, which allows organizations to associate their IP addresses with autonomous system numbers and advertise them to other routers they are connected to, known as their peers.
These BGP advertisements create a routing table that propagates to all other edge routers on the internet, allowing networks to know the best route to send traffic to a particular IP address.
When a rogue network announces IP ranges usually associated with another AS number, it is possible to hijack those IP ranges to redirect traffic to malicious websites or networks.
According to Cloudflare, this is possible because BGP is built on trust: the routing table is updated based on which advertiser offers the shortest and most specific route.
To prevent this, a new standard called Resource Public Key Infrastructure was created that acts as a cryptographic solution to BGP hijacking.
Yesterday, a threat actor named 'Snow' breached the RIPE account of Orange Spain and tweeted to Orange Spain to contact them about getting new credentials.
The attacker modified the AS number associated with the company's IP addresses, and enabled an invalid RPKI configuration on them.
Announcing the IP addresses on someone else's AS number and then enabling RPKI effectively caused these IP addresses to no longer be announced properly on the internet: RPKI route origin authorizations state which AS may originate a prefix, so authorizations pointing at the wrong AS mark Orange Spain's legitimate announcements from its own AS as invalid, and networks that enforce RPKI validation drop them.
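As an added example (not code from the article or from Orange), the route origin validation logic that RPKI-enforcing networks apply, written out in Python along the lines of RFC 6811, and run against the three situations the article describes: the normal case, a hijack from another AS, and a ROA that authorizes the wrong origin. AS12479 is the AS number named in the article; the prefix and the rogue ASN are constructed documentation values, not Orange's real address space.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: origin_asn may announce prefix up to max_length."""
    prefix: str
    max_length: int
    origin_asn: int

def rov(announced_prefix: str, origin_asn: int, roas) -> str:
    """RFC 6811 origin validation: returns 'valid', 'invalid' or 'not-found'."""
    net = ip_network(announced_prefix, strict=False)
    covering = []
    for roa in roas:
        roa_net = ip_network(roa.prefix, strict=False)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "not-found"  # no ROA says anything about this prefix
    for roa in covering:
        if roa.origin_asn == origin_asn and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"  # covered by a ROA, but origin or length does not match

ORANGE_ASN = 12479        # AS12479 is named in the article
PREFIX = "192.0.2.0/24"   # constructed: RFC 5737 documentation range, not Orange's space
ROGUE_ASN = 64496         # constructed: RFC 5398 documentation ASN

def normal_operation():
    """Correct ROA: Orange announcing its own prefix validates."""
    return rov(PREFIX, ORANGE_ASN, [ROA(PREFIX, 24, ORANGE_ASN)])

def hijack_from_other_as():
    """What RPKI is for: a different AS announcing the prefix is invalid."""
    return rov(PREFIX, ROGUE_ASN, [ROA(PREFIX, 24, ORANGE_ASN)])

def roa_pointed_at_wrong_as():
    """The incident: the ROA now authorizes the wrong origin, so Orange's own
    announcement becomes invalid and RPKI-enforcing networks drop it."""
    return rov(PREFIX, ORANGE_ASN, [ROA(PREFIX, 24, ROGUE_ASN)])

def too_specific():
    """A /25 carved out of the prefix exceeds max_length 24, so it is invalid."""
    return rov("192.0.2.0/25", ORANGE_ASN, [ROA(PREFIX, 24, ORANGE_ASN)])

def no_roa():
    """Without any covering ROA the announcement is simply 'not-found'."""
    return rov(PREFIX, ORANGE_ASN, [])
```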
This led to a performance issue on Orange Spain's network between 14:45 and 16:15 UTC, which can be seen in the Cloudflare traffic graph below for AS12479.
Orange Spain has since confirmed that their RIPE account was hacked and has begun to restore services.
While it is unclear how the threat actor breached their RIPE account, Cañizares told BleepingComputer that he believes Orange Spain did not enable two-factor authentication on the account.
Cañizares has created a thread on X summarizing how this attack took place.
BleepingComputer contacted Orange Spain with questions about the attack but has not received a reply at this time.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 03 Jan 2024 19:45:16 +0000