Cloudflare pours cold water on Venezuela attack BGP theory
"Helton also noted that cyberattacks are now often a prelude to kinetic warfare, as was the case when Russia illegally invaded Ukraine in 2022. So he went looking for evidence of cyber-ops in Venezuela by poring through data Cloudflare publishes on its Radar service, which records internet traffic trends and outages, and focused on AS8048 - the autonomous system number used by CANTV, Venezuela's state-owned telco."
"'8 prefixes (blocks of IP addresses) were being routed through CANTV, with Sparkle (an Italian transit provider) and GlobeNet (a Colombian carrier) in the Autonomous System (AS) path,' Helton wrote, noting that Sparkle is known not to implement optimal border gateway protocol (BGP) security. Using additional data from RIPE NCC's routing information service, he spotted further evidence of strange traffic flows to CANTV and suggested the routes chosen may have allowed for a man-in-the-middle (MITM) attack that enabled surveillance of traffic."
A researcher identified unusual routing behavior on January 2 involving AS8048, CANTV's autonomous system, with eight prefixes routed through CANTV and paths including Sparkle and GlobeNet. The paths raised concerns because Sparkle is known for weak BGP security, and additional RIPE NCC routing data showed abnormal traffic flows that could enable man-in-the-middle surveillance. The anomalies prompted speculation that they reflected electronic support for the subsequent kinetic action. Cloudflare's principal network engineer later analyzed Radar data and concluded that the incidents resulted from a BGP leak, which explains the routing oddities without confirming a targeted cyberattack.
Read at Theregister