Unidentified hackers disable 600,000 US routers is profiled by BTW Media because published evidence links it to internet infrastructure, governance, operational dependencies, or market visibility.
Unidentified hackers disable 600,000 US routers is tracked as an internet infrastructure institution within the internet infrastructure ecosystem.
Unidentified hackers disable 600,000 US routers has public-source relevance to network operations, governance, dependency mapping, or market structure.
Public-source signals support medium-impact monitoring for infrastructure visibility and dependency analysis.
| 0.90–1.00 | A | High — direct sources |
| 0.75–0.89 | A/B | Strong |
| 0.55–0.74 | B/C | Medium |
| 0.35–0.54 | C/D | Weak–medium |
| 0.10–0.34 | D | Weak signal |
| 0.00–0.09 | D | Internal monitoring |
Several public sources
- Unidentified hackers launched a cyberattack in October, disabling over 600,000 internet routers across the US heartland.
- Lumen Technologies’ Black Lotus Labs discovered the attack, attributing it to a malicious firmware update targeting routers.
- The attack severely impacted rural and underserved communities, disrupting emergency services, farming operations, and healthcare access.
Lumen Technologies’ Black Lotus Labs uncovered a significant cyberattack targeting a telecommunications company in the US heartland. This clandestine assault, occurring last October, resulted in the disabling of more than 600,000 internet routers, amplifying concerns over the vulnerability of critical infrastructure to malicious digital incursions.
Discovery and impact
Security analysts from Lumen Technologies’ Black Lotus Labs identified a massive cyberattack that disabled over 600,000 internet routers in the US heartland. The incident, occurring from October 25 to 27, impacted numerous Midwest states, disrupting internet access and potentially affecting emergency services, farming operations, and healthcare providers in rural and underserved areas.
Malicious firmware update
The attack involved a malicious firmware update that rendered the routers inoperable by deleting crucial operational code. The precise method by which this firmware update was delivered to users remains unclear. The malware continued to circulate on the internet months after the attack through certain file links left visible by the hackers.
Lumen’s assessment
Lumen Technologies reported with high confidence that the firmware update was a deliberate act intended to cause an outage. The researchers emphasised the serious consequences of such destructive attacks, particularly for communities heavily reliant on internet access for essential services.
Company and official responses
The report did not name the targeted company, but a comparison of event details pointed to Arkansas-based internet service provider Windstream. Windstream declined to comment on the incident, as did the FBI. The National Security Agency and Homeland Security Department referred inquiries to the FBI, which is responsible for investigating US cybercrimes. There were few public signs of the incident, though some Windstream customers reported issues on social media.
At A Glance
- Name: Unidentified hackers disable 600,000 US routers
- Type: Internet infrastructure institution
- Base: Global
- Profile focus: Institution
What It Does
- Public records support monitoring of its role, services, and key relationships.
Why It Matters
- Public-source signals support medium-impact monitoring for infrastructure visibility and dependency analysis.
- Operational criticality: Medium
- Time horizon: Next quarter
What To Watch
- Monitoring focuses on verified service continuity, governance changes, and relationship signals.
Track verified source updates, role changes, and current public evidence.
Longer-term relevance depends on verified operating, policy, and relationship changes.


