Sour Oranges Cybersecurity Incident: Unraveling the Hacker’s Disruption

Earlier this week, Orange Spain faced a significant outage due to a security breach orchestrated by an individual known as “Snow.” This threat actor gained access through a notably weak password on an account overseeing the global routing table, which is responsible for managing the company’s internet traffic networks.

The security lapse began when an administrator’s computer got infected with infostealing malware in September 2023. This malicious software successfully extracted the password, “ripeadmin,” which was later sold on the dark web. Subsequently, Snow acquired and utilized this compromised credential to log into Orange’s RIPE NCC account.

As reported by Ars Technica, the RIPE Network Coordination Center is one of the five Regional Internet Registries. It manages and allocates IP addresses to various entities, including Internet service providers, telecommunication organizations, and companies overseeing their network infrastructure.

Amidst the “Sour Oranges” saga, the hacker, once inside, tweaked Orange’s global routing table – the mechanism for directing traffic to various backbone providers. Initially benign, these alterations eventually spiraled into chaos, as expert Doug Madory vividly portrayed in his technical breakdown.

In a nutshell, Snow transformed an anti-route-hijacking tool into a disruptive force, leading to a denial of service for Orange users.

Reports confirm Orange España as the country’s second-largest mobile operator. Post-incident, RIPE acknowledged the imperative to enhance account security measures.

The unsettling aspect is the enigma surrounding Snow’s motives. Observing the hacker’s behavior during the global routing table tweaks, researchers speculate it might have been an experimentation phase. Moreover, there’s a possibility that the gradual escalation was a calculated move to draw attention to the weak password, waiting for the company’s reactions to gauge their awareness.

| Hacker’s Actions | Consequences |
| --- | --- |
| Global Routing Changes | Chaotic disruption |
| Orange España Position | Second-largest mobile operator |
| RIPE’s Response | Enhancing account security |
| Snow’s Motives | Still shrouded in mystery |

