Orange Spain taken offline following massive cyberattack caused by "ridiculously weak" password

Orange Spain suffered a major outage earlier this week after a threat actor going by the alias “Snow” obtained a “ridiculously weak” password for an account that manages the global routing table and controls the networks that deliver the company’s internet traffic.

Apparently, an administrator’s computer was infected by infostealing malware, which harvested the “ripeadmin” password sometime in September 2023. The threat actor then sold it on the dark web, probably to Snow. This threat actor used it to log into Orange’s RIPE NCC account.

As reported by Ars Technica, the RIPE Network Coordination Center is one of five Regional Internet Registries responsible for managing and allocating IP addresses to Internet service providers, telecommunication organizations, and companies that manage their own network infrastructure.

Sour Oranges

Once logged in, the hacker started making changes to the global routing table, which Orange uses to assign the traffic to different backbone providers. At first, the changes didn’t make much of a difference, but soon enough, “things got ugly”, as expert Doug Madory so vividly described in his technical writeup.

Long story short, Snow ended up turning an anti-route-hijacking tool into a denial of service for Orange users.

Orange España is the country’s second-biggest mobile operator, the media reported. In the aftermath, RIPE said it's working on ways to improve account security.

The worst part about the incident is that Snow’s motives are still unknown. Given the way the attacker behaved while changing the global routing table, the researchers speculate that they were simply experimenting with the access, seeing what could be done. Furthermore, there is even a chance that the attacker took things slowly in order to raise awareness of the weak password and only escalated when they saw mild reactions from the company.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.