When the US attacked Venezuela, the capital city lost power and a 'BGP anomaly' occurred.



Low Orbit Security, a cybersecurity newsletter, reports that when the US attack on Venezuela took place, power outages and BGP anomalies occurred in Venezuela.

Radar #16: Week of 01/05/2026
https://loworbitsecurity.com/radar/radar16/

On January 3, 2026, US President Donald Trump conducted a military operation in Caracas, the capital of Venezuela, to detain Venezuelan President Nicolas Maduro and his wife. Regarding the military operation in Caracas, President Trump said, 'It was dark. Thanks to our expertise, most of the lights in Caracas were out. It was dark. It was dangerous,' suggesting that the blackout in Caracas was part of a US military operation.

'As we approach the Venezuelan coast, the United States has secured a path of invasion through the cumulative effects of Space Command, Cyber Command, and other combined forces,' Air Force General Dan Caine, Chairman of the Joint Chiefs of Staff, said at a press conference.

Gen. Caine, chairman of the Joint Chiefs of Staff, details timeline of Venezuela operation - YouTube


Low Orbit Security conducted its own investigation into the cyberattacks believed to have taken place during the Venezuela attack, and the first thing they noticed was BGP.

BGP is a protocol used by routers to determine the route that data should take to reach its destination. BGP is known to be insecure, and much of the data about BGP is collected in public datasets. All major networks are assigned an Autonomous System (AS) number, and CANTV, the Venezuelan national internet service provider, has been assigned the AS number (ASN) 'AS8048.'

A check of AS8048 on January 2nd using Cloudflare Radar revealed that eight prefixes (blocks of IP addresses) were routed through CANTV, and that the AS path included Italian transit provider Sparkle and Colombian telecommunications provider GlobeNet. The AS path is a list of networks that traffic passes through before reaching its destination, and CANTV included paths that are not normally included.



Further investigation revealed a significant increase in BGP announcements and a significant decrease in 'announced IP address space' in the days leading up to the event. However, Low Orbit Security said it was unclear what the BGP anomaly indicated.



Sparkle, one of the networks in the AS path, is deemed 'unsafe' by Cloudflare's 'Is BGP safe yet?' tool, which can determine whether BGP is safe or not. Sparkle is deemed unsafe because it does not implement BGP-related security features such as RPKI filtering.

Cloudflare indicates that a breach has occurred but does not display the actual network prefixes, which would help identify which infrastructure may have been affected. Because the public dataset collected BGP information and captured data on the timing of the breach, Low Orbit Security used bgpdump to extract the data in a readable format.

The acquired data is as follows:

TIME: 01/02/26 15:41:16
TYPE: BGP4MP/MESSAGE/Update
FROM: 187.16.222.45 AS263237
TO: 187.16.216.23 AS12654
ORIGIN: IGP
ASPATH: 263237 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 23520 1299 269832 21980
NEXT_HOP: 187.16.222.45
COMMUNITY: 0:6939 65237:1020
ANNOUNCE
200.74.228.0/23
200.74.236.0/23
200.74.230.0/23
200.74.238.0/23
200.74.226.0/24



By further processing this, it was possible to convert it into data that included prefixes that were not displayed in Cloudflare Radar.

BGP4MP|1767368421|A|187.16.208.144|24482|200.74.230.0/23|24482 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 6762 1299 269832 21980|IGP|187.16.208.144|0|0|24482:2 24482:200 24482:13000 24482:13020 24482:13021 24482:65304 52320:41912 52320:61056 52320:64123|NAG||
BGP4MP|1767368421|A|187.16.208.144|24482|200.74.236.0/23|24482 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 6762 1299 269832 21980|IGP|187.16.208.144|0|0|24482:2 24482:200 24482:13000 24482:13020 24482:13021 24482:65304 52320:41912 52320:61056 52320:64123|NAG||
BGP4MP|1767368421|A|187.16.208.144|24482|200.74.228.0/23|24482 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 6762 1299 269832 21980|IGP|187.16.208.144|0|0|24482:2 24482:200 24482:13000 24482:13020 24482:13021 24482:65304 52320:41912 52320:61056 52320:64123|NAG||
BGP4MP|1767368421|A|187.16.208.144|24482|200.74.238.0/23|24482 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 6762 1299 269832 21980|IGP|187.16.208.144|0|0|24482:2 24482:200 24482:13000 24482:13020 24482:13021 24482:65304 52320:41912 52320:61056 52320:64123|NAG||
BGP4MP|1767368421|A|187.16.208.144|24482|200.74.226.0/24|24482 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 6762 1299 269832 21980|IGP|187.16.208.144|0|0|24482:2 24482:200 24482:13000 24482:13020 24482:13021 24482:65304 52320:41912 52320:61056 52320:64123|NAG||
BGP4MP|1767368421|A|187.16.208.144|24482|200.74.232.0/24|24482 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 23520 1299 1299 269832 21980|IGP|187.16.208.144|0|0|24482:2 24482:200 24482:13000 24482:13020 24482:13021 24482:65304 52320:41912 52320:61056 52320:64123|NAG||
BGP4MP|1767368421|A|187.16.208.144|24482|200.74.233.0/24|24482 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 23520 1299 1299 269832 21980|IGP|187.16.208.144|0|0|24482:2 24482:200 24482:13000 24482:13020 24482:13021 24482:65304 52320:41912 52320:61056 52320:64123|NAG||
BGP4MP|1767368421|A|187.16.208.144|24482|200.74.234.0/24|24482 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 23520 1299 1299 269832 21980|IGP|187.16.208.144|0|0|24115:52320 24115:65012 24482:2 24482:200 24482:13000 24482:13020 24482:13021 52320:41912 52320:61056 52320:64123|NAG||
BGP4MP|1767368421|A|187.16.222.45|263237|200.74.234.0/24|263237 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 23520 1299 1299 269832 21980|IGP|187.16.222.45|0|0|0:6939 65237:1020|NAG||
BGP4MP|1767368421|A|187.16.222.45|263237|200.74.233.0/24|263237 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 23520 1299 1299 269832 21980|IGP|187.16.222.45|0|0|0:6939 65237:1020|NAG||
BGP4MP|1767368421|A|187.16.222.45|263237|200.74.232.0/24|263237 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 23520 1299 1299 269832 21980|IGP|187.16.222.45|0|0|0:6939 65237:1020|NAG||
BGP4MP|1767368446|A|187.16.222.45|263237|200.74.228.0/23|263237 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 6762 1299 269832 21980|IGP|187.16.222.45|0|0|0:6939 65237:1020|NAG||
BGP4MP|1767368446|A|187.16.222.45|263237|200.74.236.0/23|263237 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 6762 1299 269832 21980|IGP|187.16.222.45|0|0|0:6939 65237:1020|NAG||
BGP4MP|1767368446|A|187.16.222.45|263237|200.74.230.0/23|263237 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 6762 1299 269832 21980|IGP|187.16.222.45|0|0|0:6939 65237:1020|NAG||
BGP4MP|1767368446|A|187.16.222.45|263237|200.74.238.0/23|263237 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 6762 1299 269832 21980|IGP|187.16.222.45|0|0|0:6939 65237:1020|NAG||
BGP4MP|1767368446|A|187.16.222.45|263237|200.74.226.0/24|263237 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 6762 1299 269832 21980|IGP|187.16.222.45|0|0|0:6939 65237:1020|NAG||
BGP4MP|1767368450|A|187.16.222.45|263237|200.74.234.0/24|263237 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 23520 1299 269832 21980|IGP|187.16.222.45|0|0|0:6939 65237:1020|NAG||
BGP4MP|1767368450|A|187.16.222.45|263237|200.74.233.0/24|263237 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 23520 1299 269832 21980|IGP|187.16.222.45|0|0|0:6939 65237:1020|NAG||
BGP4MP|1767368450|A|187.16.222.45|263237|200.74.232.0/24|263237 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 23520 1299 269832 21980|IGP|187.16.222.45|0|0|0:6939 65237:1020|NAG||
BGP4MP|1767368451|A|187.16.208.144|24482|200.74.234.0/24|24482 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 23520 1299 269832 21980|IGP|187.16.208.144|0|0|24482:2 24482:200 24482:13000 24482:13020 24482:13021 24482:65304 52320:41912 52320:61056 52320:64123|NAG||
BGP4MP|1767368451|A|187.16.208.144|24482|200.74.232.0/24|24482 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 23520 1299 269832 21980|IGP|187.16.208.144|0|0|24482:2 24482:200 24482:13000 24482:13020 24482:13021 24482:65304 52320:41912 52320:61056 52320:64123|NAG||
BGP4MP|1767368451|A|187.16.208.144|24482|200.74.233.0/24|24482 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 23520 1299 269832 21980|IGP|187.16.208.144|0|0|24482:2 24482:200 24482:13000 24482:13020 24482:13021 24482:65304 52320:41912 52320:61056 52320:64123|NAG||
BGP4MP|1767368451|A|187.16.208.144|24482|200.74.238.0/23|24482 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 23520 1299 269832 21980|IGP|187.16.208.144|0|0|24482:2 24482:200 24482:13000 24482:13020 24482:13021 24482:65304 52320:41912 52320:61056 52320:64123|NAG||
BGP4MP|1767368451|A|187.16.208.144|24482|200.74.228.0/23|24482 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 23520 1299 269832 21980|IGP|187.16.208.144|0|0|24482:2 24482:200 24482:13000 24482:13020 24482:13021 24482:65304 52320:41912 52320:61056 52320:64123|NAG||
BGP4MP|1767368451|A|187.16.208.144|24482|200.74.226.0/24|24482 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 23520 1299 269832 21980|IGP|187.16.208.144|0|0|24482:2 24482:200 24482:13000 24482:13020 24482:13021 24482:65304 52320:41912 52320:61056 52320:64123|NAG||
BGP4MP|1767368451|A|187.16.208.144|24482|200.74.236.0/23|24482 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 23520 1299 269832 21980|IGP|187.16.208.144|0|0|24482:2 24482:200 24482:13000 24482:13020 24482:13021 24482:65304 52320:41912 52320:61056 52320:64123|NAG||
BGP4MP|1767368451|A|187.16.208.144|24482|200.74.230.0/23|24482 52320 8048 8048 8048 8048 8048 8048 8048 8048 8048 23520 1299 269832 21980|IGP|187.16.208.144|0|0|24482:2 24482:200 24482:13000 24482:13020 24482:13021 24482:65304 52320:41912 52320:61056 52320:64123|NAG||



Of particular note in this data is that CANTV's AS number, AS8048, is repeated more than 10 times in the AS path. Low Orbit Security points out, 'This is very odd and may make this route less attractive, as BGP prefers shorter paths. It's also noteworthy that all eight prefixes fall within the single 200.74.224.0/20 block.'
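As an added example (not Low Orbit Security's code), the following Python parses `bgpdump -m` records like those above, measures how many times each AS is repeated consecutively in the AS path, and computes the smallest block that covers the announced prefixes. The sample records are rebuilt from the peer AS263237 lines on this page, and the function names are illustrative.

```python
import ipaddress
from itertools import groupby

# Sample records rebuilt from the peer AS263237 lines quoted above
# (one timestamp reused for brevity; upstream ASN -> prefixes announced via it).
_VIA = {"6762": ["228.0/23", "236.0/23", "230.0/23", "238.0/23", "226.0/24"],
        "23520": ["234.0/24", "233.0/24", "232.0/24"]}
SAMPLE = [
    f"BGP4MP|1767368446|A|187.16.222.45|263237|200.74.{p}|"
    f"263237 52320 {'8048 ' * 9}{up} 1299 269832 21980"
    "|IGP|187.16.222.45|0|0|0:6939 65237:1020|NAG||"
    for up, prefixes in _VIA.items() for p in prefixes
]

def parse(line):
    """Return prefix and AS path from one `bgpdump -m` announcement, else None."""
    f = line.strip().split("|")
    if len(f) < 7 or f[0] != "BGP4MP" or f[2] != "A":
        return None  # withdrawals, table dumps and malformed lines are skipped
    path = [int(a) for a in f[6].split() if a.isdigit()]  # ignores AS_SET tokens
    return {"ts": int(f[1]), "peer_as": int(f[4]),
            "prefix": ipaddress.ip_network(f[5]), "path": path}

def prepends(path):
    """Map each consecutively repeated ASN to its longest run length."""
    runs = {}
    for asn, grp in groupby(path):
        n = len(list(grp))
        if n > 1:
            runs[asn] = max(n, runs.get(asn, 0))
    return runs

def covering_block(networks):
    """Smallest single CIDR block containing every given network."""
    block = networks[0]
    while not all(n.subnet_of(block) for n in networks):
        block = block.supernet()
    return block

def summarize(lines):
    recs = [r for r in map(parse, lines) if r]
    prefixes = sorted({r["prefix"] for r in recs})
    return {"prefixes": prefixes,
            "block": covering_block(prefixes),
            "prepends": [prepends(r["path"]) for r in recs],
            "origins": {r["path"][-1] for r in recs}}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run against a full `bgpdump -m` export, the same functions can flag any announcement whose prepend run exceeds a threshold you choose.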

A WHOIS search for '200.74.224.0/20,' where these eight prefixes converge, revealed that it belongs to Dayco Telecom, a telecommunications provider in Caracas.



Reverse DNS lookup allows you to find domain names from IP addresses, and interestingly, searching some of these ranges reveals highly critical infrastructure, such as banks, internet providers, and mail servers.



When traffic routed by BGP is sent from point A to point B, it may be rerouted via point C. Whoever controls point C for even a few hours could theoretically gather a huge amount of information that would be very useful to government agencies. The fact that CANTV's AS8048 is prepended 10 times to the AS path means that traffic will not prefer this route via AS8048. Low Orbit Security said, 'That was probably the goal (to prevent traffic from going through AS8048). There are still many open questions.'

in Security, Posted by logu_ii