Disclaimer: as technology changes, advisories may become out of date or may no longer be relevant, please refer to the "Date" section of the header to be sure the advisory is recent as pertains to your situation.
Digibase Security Advisory - Telegram IP Address Range Hijack
Keywords: Telegram, BGP hijack, network operations
DBSA ID: 2018-073001
Regarding: Telegram IP Address Range Hijack
Date: 2018 07 30
Last Modified: 20180730135700 by Kradorex Xeron
Who should take note: Telegram Users
Rationale: Users may want to monitor official Telegram communications and other media sources.
Rationale: It is not believed that communications were compromised at this time.
Spread of Issue: SINGLE-PLATFORM HIGH
Rationale: All Telegram users are potentially subject.
Telegram is an online chat service that advertises high-security end-to-end encryption used by approximately 200 million users as of March 2018.
BGP is the routing protocol used by Internet providers for mapping out the global Internet. Providers "announce" IP ranges that they are responsible for routing to the rest of the Internet so the internet can figure out how to reach them. A "BGP hijack" is where a provider who does not own a given IP address range advertises that range, typically to intercept or interrupt Internet traffic.
Beginning at 06:28:25 UTC on 30 July 2018, Telegram Messenger LLP, the company overseeing the operation and administration of the Telegram platform experienced four BGP hijack events by "Iran Telecommunication Company PJS", a provider that is associated with the Iranian government. This hijack re-routed traffic destined to two networks operated by Telegram Messenger LLP, networks known as "126.96.36.199/22" and "188.8.131.52/23", which are networks where Telegram servers are situated.
Due to Telegram's encrypted nature, it isn't believed that communications were compromised at this time, but this report will be updated if this changes.
Telegram users may wish to monitor Telegram official communications or media to determine if there is any risk. This report will be updated if the risk profile changes.