While it’s pretty well known that the DPRK is assigned ASN131279 there are a handful of other ranges that they seemingly have access to. Based on the names these appear to be assigned to the DPRK via Russia TransTelekom
| CIDR | ASN | Netname | Company |
| 62.33.81.0/24 | 20485 | KPOST-NET | TTK-DV |
| 80.237.84.0/24 | 20485 | KPOST-NET | TTK-DV |
| 188.43.88.0/24 | 20485 | KPOST-NET | TTK-DV |
| 188.43.136.0/24 | 20485 | KPOST-NET2 | TTK-DV |
And while not as explicitly named they are also using
| 45.126.3.0/24 | 134544 | Cenbong Int’l Holdings |
These make sense as both 20485 and 134544 are upstream peers of ASN 131279
There are also a handful of other ranges that they are leveraging. The first two are also part of TTK and the final one I haven’t seen evidence of being in use but the abuse contact email for the IPs are postmaster@silibank.com and the company listed is Liaoning Clear channel data Communication, Inc which is right over the border from the DPRK in China.
| 80.237.87.0/24 | 20485 | SKYFREIGHT-NET |
| 83.234.227.0/24 | 20485 | SKYFREIGHT-NET |
| 218.25.43.208/28 | 4837 | China Unicom |
Now, I’ve been working on some more detailed infrastructure write ups but one thing that stood out last year was a note on an ITW account that listed information about proxying traffic via Russia and Hong Kong. Note is below:
The following IPs are also used for traffic leaving the country via NetKey/OConnect
- 45.126.3.252
- 83.234.227.41
Discover more from North Korean Internet
Subscribe to get the latest posts sent to your email.