Skip to main content

This malware botnet bricked over 600,000 routers in coordinated attack — but no one is really sure why

posted onJune 3, 2024
by l33tdawg
Tech Radar
Credit: Tech Radar

A malicious botnet bricked 600,000 office and home office (SOHO) routers in what seems to be a coordinated attack against a specific internet service provider (ISP).

Cybersecurity researchers from Lumen’s Black Lotus Labs recently released a report on a botnet they dubbed “Pumpkin Eclipse”.

In the report, the researchers said that a piece of commodity remote access trojan (RAT) called Chalubo compromised hundreds of thousands of SOHO routers, consisting of three specific models: ActionTec T3200s, ActionTec T3260s, and Sagemcom F5380, all belonging to the same ISP. Chalubo pulled these routers into the botnet which, among other things, was capable of running distributed denial of service (DDoS) attacks.

Then, between October 25 and 27, 2023, the routers started dying. While Black Lotus did not name the ISP being attacked, BleepingComputer said that the attack “bears a striking resemblance” to the Windstream outage, since its users started reporting dead routers on October 25. "So I've had a T3200 modem for a while now, but today, something happened that I've never experienced before. The internet light is showing solid red. What does it mean, and how do I fix it?," one out of many Redditors said at the time.

Source

Tags

Industry News

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th