A cyberattack was behind an incident last year that disabled more than 600,000 Internet routers in several Midwestern states between October 25 and 27, according to new research published by Lumen Technologies’ threat research arm, Black Lotus Labs. The incident was not publicized at the time, despite hundreds of thousands of routers being down.
The investigation also did not specify which company was targeted, but Reuters says it identified the target as Windstream, an Arkansas-based ISP, based on cross-references of Internet outages reported during the same period. Windstream, which has a service area that covers many rural or underserved communities, has declined a request for comment.
Black Lotus Labs investigated based on repeated complaints on social networks and outage detectors about specific routers, particularly the ActionTec T3200 and ActionTec T3260. Users reported that their issues were resolved only by having the affected devices replaced by the provider.
The malicious firmware package that deleted parts of the operating code on the affected routers was identified as “Chalubo,” a common remote access trojan. It’s unclear how the firmware was pushed to customers (whether through an unknown exploit, weak credentials or access to administrative tools) or who was behind the attack, which researchers called “a deliberate act intended to cause a disruption”.
While some mysteries remain, Black Lotus Labs recommends that organizations secure management devices and avoid basic security weaknesses such as default passwords. Consumers are also encouraged to keep up with regular security updates.