Security News > 2024 > May > Malware botnet bricked 600,000 routers in mysterious 2023 attack
A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that destroyed 600,000 office/home office internet routers offline, disrupting customers' internet access.
The incident had a focused impact, affecting a single internet service provider and three models of routers used by the firm: the ActionTec T3200s, ActionTec T3260s, and Sagemcom F5380.
Starting on October 25, 2023, Windstream customers began reporting on Reddit that their routers were no longer working.
Fast forward seven months and a new report by Black Lotus may finally shed some light on the incident, explaining that a botnet was responsible for bricking 600,000 routers across the midwest states at a single ISP in October 2023.
Only one of these panels was used for the destructive attack and it focused on a specific American ISP, causing Black Lotus researchers to believe that the attacker purchased the Chalubo panel for the specific purpose of deploying the destructive payload on routers.
New Cuttlefish malware infects routers to monitor traffic for credentials.
News URL
Related news
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- New Mirai botnet targets industrial routers with zero-day exploits (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- MikroTik botnet uses misconfigured SPF DNS records to spread malware (source)
- 13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks (source)
- Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Mirai botnet behind the largest DDoS attack to date (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)