Malware botnet bricked 600,000 routers in mysterious 2023 event

A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that destroyed 600,000 office/home office internet routers offline, disrupting customers' internet access.
According to researchers at Lumen's Black Lotus Labs, who observed the incident, it disrupted internet access across numerous Midwest states between October 25 and October 27, 2023.
This left owners of the infected devices with no option but to replace the routers.
The incident had a focused impact, affecting a single internet service provider and three models of routers used by the firm: the ActionTec T3200s, ActionTec T3260s, and Sagemcom F5380.
Black Lotus Labs says the particular ISP serves vulnerable communities in the United States and suffered a 49% reduction in operating modems due to the 'Pumpkin Eclipse' incident.
While Black Lotus did not name the ISP, it bears a striking resemblance to a Windstream outage that occurred during the same timeframe.
Starting on October 25, 2023, Windstream customers began reporting on Reddit that their routers were no longer working.
Subscribers impacted by the Windstream outage were told they needed to replace the routers with a new one to restore their internet access.
Fast forward seven months and a new report by Black Lotus may finally shed some light on the incident, explaining that a botnet was responsible for bricking 600,000 routers across the midwest states at a single ISP in October 2023.
The attacker can send commands to the bot through Lua scripts, which enable data exfiltration, downloading of additional modules, or introducing new payloads on the infected device.
Black Lotus Labs did not observe any DDoS attacks from the botnet.
The analysts note that Chalubo misses a persistence mechanism, so rebooting the infected router disrupts the bot's operation.
Black Lotus Labs says its telemetry data indicates that Chalubo operates 45 malware panels communicating over 650,000 unique IP addresses from October 3 to November 3, most based in the United States.
Only one of these panels was used for the destructive attack and it focused on a specific American ISP, causing Black Lotus researchers to believe that the attacker purchased the Chalubo panel for the specific purpose of deploying the destructive payload on routers.
The researchers could not find the payload used to brick the routers, so they were unable to determine how it was done or for what purpose.
Multiple botnets exploiting one-year-old TP-Link flaw to hack routers.
Police seize over 100 malware loader servers, arrest four cybercriminals.
TP-Link fixes critical RCE bug in popular C5400X gaming router.
Ebury botnet malware infected 400,000 Linux servers since 2009.
New Cuttlefish malware infects routers to monitor traffic for credentials.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 May 2024 19:01:04 +0000


Cyber News related to Malware botnet bricked 600,000 routers in mysterious 2023 event

Malware botnet bricked 600,000 routers in mysterious 2023 event - A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that destroyed 600,000 office/home office internet routers offline, disrupting customers' internet access. According to researchers at Lumen's Black Lotus Labs, ...
2 weeks ago Bleepingcomputer.com
Malware botnet bricked 600,000 routers in mysterious 2023 attack - A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that destroyed 600,000 office/home office internet routers offline, disrupting customers' internet access. According to researchers at Lumen's Black Lotus Labs, ...
2 weeks ago Bleepingcomputer.com
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
3 months ago Securityboulevard.com
Stealthy KV-botnet hijacks SOHO routers and VPN devices - The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and ...
6 months ago Bleepingcomputer.com
FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
3 months ago Bleepingcomputer.com
Stealthier version of P2Pinfect malware targets MIPS devices - The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS processors, such as routers and IoT devices. Due to their efficiency and compact design, MIPS chips are prevalent in embedded systems like routers, ...
6 months ago Bleepingcomputer.com
New botnet malware exploits two zero-days to infect NVRs and routers - A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution vulnerabilities to infect routers and video recorder devices. The malware hijacks the devices to make them part of its DDoS swarm, ...
6 months ago Bleepingcomputer.com
US Gov Disrupts SOHO Router Botnet Used by Chinese APT Volt Typhoon - The US government on Wednesday announced a major takedown of a botnet full of end-of-life Cisco and Netgear routers after researchers warned it was being used by Chinese state-backed hackers as a covert communications channel. The disruption comes ...
4 months ago Securityweek.com
Qbot malware returns in campaign targeting hospitality industry - The QakBot malware is once again being distributed in phishing campaigns after the botnet was disrupted by law enforcement over the summer. In August, a multinational law enforcement operation called Operation Duck Hunt accessed the QakBot admin's ...
5 months ago Bleepingcomputer.com
MySQL servers targeted by 'Ddostf' DDoS-as-a-Service botnet - MySQL servers are being targeted by the 'Ddostf' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals. This campaign was discovered by researchers at the AhnLab Security Emergency Response ...
6 months ago Bleepingcomputer.com
Bigpanzi botnet infects 170,000 Android TV boxes with malware - A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. Beijing-based Qianxin Xlabs reports that the threat group controls a ...
4 months ago Bleepingcomputer.com
Feds go Fancy Bear hunting, take down Russia's GRU botnet The Register - The US government today said it disrupted a botnet that Russia's GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets. Moobot ...
3 months ago Go.theregister.com
"Largest Botnet Ever" Disrupted. 911 S5's Alleged Mastermind Arrested - A vast network of millions of compromised computers, being used to facilitate a wide range of cybercrime, has been disrupted by a multinational law enforcement operation. 35-year-old YunHe Wang, a dual citizen of China and St. Kitts and Nevis, is ...
2 weeks ago Tripwire.com
Pirated Microsoft Office delivers malware cocktail on systems - Cybercriminals are distributing a malware cocktail through cracked versions of Microsoft Office promoted on torrent sites. The malware delivered to users includes remote access trojans, cryptocurrency miners, malware downloaders, proxy tools, and ...
2 weeks ago Bleepingcomputer.com
How to Extract Malware Configurations in a Sandbox - The most sought-after source of these indicators is malware configurations. Malware Sandboxing Leader ANY.RUN handles the heavy lifting of phishing and malware analysis for SOC and DFIR teams and also helps 300,000 professionals use the platform to ...
4 months ago Gbhackers.com
PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
4 months ago Securityintelligence.com
How to Remove Malware + Viruses - Malware removal can seem daunting after your device is infected with a virus, but with a careful and rapid response, removing a virus or malware program can be easier than you think. We created a guide that explains exactly how to rid your Mac or PC ...
1 month ago Pandasecurity.com
Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested - The US Justice Department announced on Wednesday that the massive 911 S5 proxy botnet has been dismantled and its alleged administrator, a Chinese national, has been arrested. The Treasury Department earlier this week announced sanctions against ...
2 weeks ago Packetstormsecurity.com
Botnet Struck U.S. Routers; Here's How to Keep Employees Safe - State-sponsored hackers affiliated with China have targeted small office/home office routers in the U.S. in a wide-ranging botnet attack, Federal Bureau of Investigation Director Christopher Wray announced on Wednesday, Jan. 31. Most of the affected ...
4 months ago Techrepublic.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 month ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 month ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 month ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 month ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 month ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 month ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)