The red from Orange is being subject to a cyber attack that is causing navigation problems for the operator's customers. According to sources familiar with the situation, cybercriminals have hacked the company's RIPE account. Below, we explain the details since the incident can take several hours.

The European IP Network Coordination Center (RIPE NCC) is the Regional Internet Registry for Europe, the Middle East and parts of Central Asia. It seems that the orange operator has been subject to an attack that has modified the route objects causing the orange autonomous system to not know how to find the networks to be able to connect to the Internet. In other words, Orange customers are isolated and therefore cannot navigate properly. The incidence above all affects when browsing pages that are outside of Spain.

DNS crash and fiber cable break?

After the incident, some sources from the operator have assured that it was a minor problem related to a cut in the fiber network. There has also been speculation that it was a DNS crash, the domain name system that allows you to enter web pages using your name instead of the IP address. The reality and according to the evidence provided by a user in X is that the problem is in the RIPE account, which is having important consequences for the operation of the telecom.

The alleged person responsible for the attack has stated the following: «Meow, meow, meow! I have fixed the security of your RIPE administrator account. Send me a message to get the new credentials :^)»

The cybercriminal has surely gained access to the RIPE through a phishing attack on an employee of the operator who has taken the bait. Access to the account has also been possible because it lacked two-factor authentication. Presumably the famous “Snow” will predict a ransom for the company for access to the credentials.

Incidents triggered in down detector

As can be seen below, from 4:00 p.m. approximately one hour, problems were reported in the operator's network, which have increased as the problem spread throughout the network.

The incident affects Jazztel, Simyo and even MásMóvil

The problem may also be spreading to other companies that use the Orange network and even Movistar and Vodafone customers could notice the incident. For example, a Telefónica customer who wants to navigate against something that is Orange will not be able to, because he does not know the route to the destination.

In short, everything points to a very elaborate cyber attack and it is also critical because it affects the company's entire network. The added problem is that restoring the network can take several hours as they have to take control of the account, restore a backup, restart routers and wait for it to spread throughout the network. If you are an Orange customer, you can only be patient and wait for the company to restore service as soon as possible.