A cyberattack reportedly disabled over 600,000 US routers last year

Share via:


A cyberattack was behind an incident last year that disabled over 600,000 internet routers across several Midwest states between October 25th and 27th, according to new research published by Lumen Technologies’ threat research arm, Black Lotus Labs. The incident wasn’t disclosed at the time, despite hundreds of thousands of routers being rendered inoperable.

The investigation also didn’t specify which company was targeted, but Reuters says it has identified the target as Windstream, an Arkansas-based ISP, based on cross-referencing internet outages reported during the same period. Windstream, which has a service area covering many rural or underserved communities, declined The Verge’s request for comment.

Black Lotus Labs investigated based on repeated complaints across social media and outage detectors about specific routers, particularly the ActionTec T3200 and ActionTec T3260. Users reported their issues were resolved only by their provider replacing the affected devices.

The malicious firmware package that deleted parts of the operational code on impacted routers was identified as “Chalubo,” a commodity remote access trojan. It’s unclear how the firmware was shipped to customers — whether through an unknown exploit, weak credentials, or access to administrative tools — or who was behind the attack that the researchers called “a deliberate act intended to cause an outage.”

While some mysteries remain, Black Lotus Labs recommends that organizations secure management devices and avoid basic security weaknesses like default passwords. Consumers are also encouraged to stay on top of regular security updates.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

A cyberattack reportedly disabled over 600,000 US routers last year


A cyberattack was behind an incident last year that disabled over 600,000 internet routers across several Midwest states between October 25th and 27th, according to new research published by Lumen Technologies’ threat research arm, Black Lotus Labs. The incident wasn’t disclosed at the time, despite hundreds of thousands of routers being rendered inoperable.

The investigation also didn’t specify which company was targeted, but Reuters says it has identified the target as Windstream, an Arkansas-based ISP, based on cross-referencing internet outages reported during the same period. Windstream, which has a service area covering many rural or underserved communities, declined The Verge’s request for comment.

Black Lotus Labs investigated based on repeated complaints across social media and outage detectors about specific routers, particularly the ActionTec T3200 and ActionTec T3260. Users reported their issues were resolved only by their provider replacing the affected devices.

The malicious firmware package that deleted parts of the operational code on impacted routers was identified as “Chalubo,” a commodity remote access trojan. It’s unclear how the firmware was shipped to customers — whether through an unknown exploit, weak credentials, or access to administrative tools — or who was behind the attack that the researchers called “a deliberate act intended to cause an outage.”

While some mysteries remain, Black Lotus Labs recommends that organizations secure management devices and avoid basic security weaknesses like default passwords. Consumers are also encouraged to stay on top of regular security updates.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Here’s when you can expect Google Gemini integration with...

It’s long been rumored that Apple will be...

Norwegian startup Factiverse wants to fight disinformation with AI

In the wake of the U.S. 2024 presidential...

A  study found that X’s algorithm now loves two...

Elon Musk’s X may have tweaked its algorithm...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!