23 votes

Hundreds of thousands of US internet routers destroyed in newly discovered 2023 hack


  1. skybrian
    The original source on this is here, except that it doesn’t name the ISP.

    Lumen’s global telemetry indicates the Chalubo malware family was highly active in November 2023 and remained so into early 2024. Based on a 30-day snapshot in October, Lumen identified over 330,000 unique IP addresses that communicated with one of 75 observed C2 nodes for at least two days, indicating a confirmed infection. This suggests that while the Chalubo malware was used in this destructive attack, it was not written specifically for destructive actions. We suspect the threat actors behind this event chose a commodity malware family to obfuscate attribution, instead of using a custom-developed toolkit. At this time, we do not have an overlap between this activity and any known nation-state activity clusters. We assess with high confidence that the malicious firmware update was a deliberate act intended to cause an outage, and though we expected to see a number of router makes and models affected across the internet, this event was confined to the single ASN.

    8 votes
  2. unkz
    Wow, the company is going to accept 600k routers for physical repair and return? I hope they had good cyber attack insurance, that’s going to be expensive.

    7 votes