Around 12,000 suspicious IPs began sending traffic worldwide after being inactive for years

In an unprecedented event, cybersecurity specialists found that more than 50 computer networks that had been idle for years suddenly resumed their activities. These networks are distributed throughout different territories in North America.

A few days ago, Spamhaus specialists detected that these networks had resumed activity. Each one is advertised by an autonomous system (ASN) that had itself been inactive for a long period.


In their report, specialists mention: “In 48 of the cases detected 20 networks with 4096 IPv4 addresses stand out, while in the remaining 4 cases 19 networks with 8192 IPv4 addresses were detected.” Experts believe that the chances of an incident like this happening by simple coincidence are almost nil; however, they have not detected a link between these networks and the ASNs that advertise them, except for the fact that both remained inactive for months.

After analyzing the available data, experts discovered that most of these networks are located in New York and some surrounding cities. Researchers also found that the BGP routes that connect these networks to their hosting include Ukrainian ASNs that lead major companies in that area of Europe: “These routes should be considered illegitimate until the investigation reaches a conclusive point,” the experts say.

Although some routes were withdrawn shortly after the sudden resumption of activity, many remained operational at the end of last week. DROP (Don't Route Or Peer) is a list, published as text files, of CIDR blocks that have been stolen or are fully controlled by spammers.

Classless Inter-Domain Routing (CIDR) is an IP addressing method that enables flexible management of IP address space without the rigid classful addressing framework. It makes economical use of the limited supply of IP addresses, because different subnet masks can be applied to different subnets.
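
As an added example (not from the article or from Spamhaus), the sketch below parses a DROP-style list of CIDR blocks and flags flow records whose source address falls inside a listed block. The list layout (one CIDR per line, `;` starting a comment), the sample blocks and the flow records are constructed assumptions.

```python
import ipaddress

# Constructed sample in the assumed DROP layout: "CIDR ; label".
SAMPLE_DROP = """\
; constructed sample, not real Spamhaus data
198.18.0.0/20 ; EXAMPLE-LABEL-1
198.19.32.0/19 ; EXAMPLE-LABEL-2
198.18.0.0/20 ; duplicate entry
not-a-cidr ; malformed line
"""

# Constructed flow records: "source_ip destination_port".
SAMPLE_FLOWS = ["198.18.15.255 25", "198.18.16.0 25",
                "198.19.63.7 443", "192.0.2.10 80"]


def parse_drop(text):
    # Return the sorted, de-duplicated networks found in DROP-style text.
    nets = set()
    for line in text.splitlines():
        entry = line.split(";", 1)[0].strip()
        if not entry:
            continue  # blank line or pure comment
        try:
            nets.add(ipaddress.ip_network(entry, strict=True))
        except ValueError:
            continue  # malformed entry or host bits set: skip, do not guess
    return sorted(nets)


def match(ip, nets):
    # Return the most specific listed network containing ip, or None.
    addr = ipaddress.ip_address(ip)
    hits = [n for n in nets if n.version == addr.version and addr in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None


def flag_flows(flows, nets):
    # Return (ip, port, network) for flows whose source is in a listed block.
    flagged = []
    for record in flows:
        ip, port = record.split()
        net = match(ip, nets)
        if net is not None:
            flagged.append((ip, int(port), str(net)))
    return flagged


if __name__ == "__main__":
    listed = parse_drop(SAMPLE_DROP)
    for n in listed:
        print(n, "covers", n.num_addresses, "addresses")
    for hit in flag_flows(SAMPLE_FLOWS, listed):
        print("listed source:", hit)
```

The prefix length determines the block size: a /20 covers 4096 IPv4 addresses and a /19 covers 8192.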