AS202734 hijacked multiple Chinese Carriers on May 16-17
4 hours ago
- #BGP Hijacking
- #Network Security
- #Incident Report
- A fully-attributed BGP hijacking incident occurred on May 16-17, 2026, involving AS202734 announcing 3,948 IPv4 prefixes it did not own, targeting major Chinese carriers and infrastructure.
- The hijacker was identified as Junqi Tian (Jacob Tian), a graduate student at McGill University and researcher at Mila - Quebec AI Institute, with AS202734 registered to him.
- Key evidence includes BIRD config showing premeditated route injection, a Looking Glass confirming active hijacked routes, and GitHub submissions aligning with the hijack date.
- The sponsoring organization, MoeDove LLC, operates global PoPs including in mainland China, and their network engineer responded abusively to an abuse report.
- Actions taken include reporting to RIPE NCC, Vultr, Cloudflare, and academic institutions, with Vultr cutting IPv4 peering, but RIPE NCC stated they lack scope to act.
- The community is asked to report unusual prefixes from AS202734/AS402333/AS44324, suggest filtering steps for bogons, and share best practices for dealing with uncooperative LIRs.