1. Website Planet
  2. >
  3. News
  4. >
  5. Recently-Discovered Hack Quietly Took Down 600,000 Routers
Recently-Discovered Hack Quietly Took Down 600,000 Routers

Recently-Discovered Hack Quietly Took Down 600,000 Routers

Sarah Hardacre June 19, 2024
June 19, 2024
Cybersecurity experts with Lumen Technologies’ Black Lotus Labs have identified an incident last year that disabled more than 600,000 small office or home office routers. All devices belonged to a single, unnamed internet service provider (ISP).

The report, published on Lumen Technologies’ blog, describes a 72-hour outage in October 2023. Lumen analysts identified the malware Chalubo as the source of the problem. A remote access trojan, or RAT, Chalubo obfuscates its own presence and has only been identified once in 2018.

In this case, 49% of all modems from the ISP went offline. The infected devices became inoperable and required physical replacement. At the time, customers complained that their routers could not connect to the Internet and displayed a static red light.

The attack appears to be an isolated incident and is not currently linked to any nation-states. Chalubo can launch distributed denial of service (DDoS) attacks (like the one that targeted Microsoft a few months ago), but that function was not used in this case. Lumen researchers believe the attack aimed to cause an outage.

The ISP provides internet access to many Midwestern United States, and much of its service area is rural or underserved. Lumen noted an attack like this is particularly dangerous because cuts to the internet could reduce access to emergency services, interrupt healthcare, and cause farmers to lose sensitive data on crops they remotely monitor. Luckily, no significant impact was observed in this case.

Lumen researchers described the incident as unprecedented in terms of the number of devices that needed replacing. Independent researchers similarly told Reuters that it appeared to be one of the most serious attacks against American telecommunications on record.

The trojan reached the ISP’s customers as a malicious firmware update, but further details on how the update shipped to customers or who was responsible remain unknown.

While Lumen Technologies didn’t name the impacted ISP, Reuters identified it as Windstream, a provider based in Arkansas. A Windstream spokesperson declined to comment on the incident.

Lumen Technologies provides communications services to customers in more than 60 countries, with various solutions for the cloud, networking, and cybersecurity. Black Lotus Labs is Lumen’s threat research and operations arm.

Rate this Article
5.0 Voted by 3 users
You already voted! Undo
This field is required Maximal length of comment is equal 80000 chars Minimal length of comment is equal 10 chars
Any comments?
View %s replies
View %s reply
More news
Show more
We check all user comments within 48 hours to make sure they are from real people like you. We're glad you found this article useful - we would appreciate it if you let more people know about it.
Popup final window
Share this blog post with friends and co-workers right now:

We check all comments within 48 hours to make sure they're from real users like you. In the meantime, you can share your comment with others to let more people know what you think.

Once a month you will receive interesting, insightful tips, tricks, and advice to improve your website performance and reach your digital marketing goals!

So happy you liked it!

Share it with your friends!

1 < 1 1

Or review us on 1