This is a continuation of Internet Address Hijacking, Spoofing, and Squatting Attacks.
This scenario is similar to an ASN hijacking attack but in this case, the attacker hijacks the registration of an IP prefix. The IP Prefix registrant is the victim.
In order to use the IP net block, the attacker must find a way to have the IP Prefix advertised. He could use any of the methods described under IP Prefix Squatting Attacks. It may be possible that he could also exploit the existing arrangement between the legitimate IP Prefix registrant and his “native” AS. The operator of the AS is unlikely to be aware that the IP net block was hijacked and will advertise it as reachable as part of normal routing operations.
Figure 7. IP Prefix Hijacking