Source URL: https://krebsonsecurity.com/2025/06/proxy-services-feast-on-ukraines-ip-address-exodus/
Source: Krebs on Security
Title: Proxy Services Feast on Ukraine’s IP Address Exodus
Feedly Summary: Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of proxy and anonymity services nested at some of America’s largest Internet service providers (ISPs).
AI Summary and Description: Yes
**Summary:**
The text discusses how the Russian invasion of Ukraine has drastically affected the allocation of IPv4 address space, with a significant portion now controlled by proxy services linked to large American ISPs. This shift raises security concerns as many of these addresses are being used to facilitate cybercrime, including attacks against Ukraine and its allies. The findings present significant implications for internet governance and security practices, particularly in light of AT&T’s recent policy changes aimed at mitigating risks associated with undisclosed routing.
**Detailed Description:**
The report produced by Kentik highlights critical changes in Ukraine’s internet space due to geopolitical conflicts. The key findings and implications include:
– **IPv4 Address Loss:** Since the onset of the conflict in February 2022, nearly 20% of Ukraine’s internet Protocol Version 4 (IPv4) address space has been sold or is under Russian control. Notably, major ISPs like Ukrtelecom have had to sell their IP allocations to maintain operational stability.
– **Proxy and Anonymity Services:** Many of the exile IP addresses have been transferred to international proxy services, which allow users to route their internet traffic through these addresses. This anonymity, while sometimes used for benign purposes, is facilitating cybercrime and attacks against various targets, including Ukraine.
– **Magnitude of Proxy Usage:** A significant amount of the relinquished Ukrainian IP address space has been integrated into U.S.-based ISPs, including AT&T and Amazon. This communication framework makes it easy to obscure the source of cyberattacks.
– **Financial Incentives for Leasing:** ISPs are reportedly leasing out IPv4 addresses for significant financial gain, which raises questions about the responsibility of ISPs in managing address blocks and the potential misuse of these leased addresses by ill-intentioned actors.
– **AT&T’s Policy Change:** AT&T announced plans to tighten control over proxy services using its routing infrastructure. They indicated that those using IP addresses not assigned by AT&T would need to establish their own routing network by September 2025, which could influence how proxy services operate moving forward.
– **Cyberattack Implications:** The rapid reshuffling of IP addresses includes those linked to cyberattack operations against Ukraine. Russian state-sponsored hackers have leveraged this proxy network for a range of malicious activities.
– **Broader ISP Concerns:** Although AT&T is making strides to reduce proxy routing, other large ISPs, like Cogent, are still maintaining lenient policies, which could contribute to ongoing cyber threats.
**Implications:**
– **Compliance and Regulation:** This situation underscores the necessity for stricter compliance and governance frameworks surrounding IP address management, particularly in times of geopolitical tension.
– **Security Enforcement:** There is a growing need for security professionals to consider IP address provenance in their risk assessments and mitigation strategies.
– **Global Cooperation:** The interconnection of global ISPs in this scenario illustrates the importance of international cooperation in cybersecurity regulation to combat cross-border cybercrime.
Overall, this situation brings to light the fragile dynamics within internet infrastructure in times of conflict and the critical tasks facing security professionals in managing and safeguarding these assets.