Follow

Mystery malware destroys 600,000 routers from a single ISP during 72-hour span(back in October)

report published Thursday by security firm Lumen Technologies’ Black Lotus Labs may shed new light on the incident, which Windstream has yet to explain

The Pumpkin Eclipse

blog.lumen.com/the-pumpkin-ecl

@ecksmc Read about this earlier. Was this a,test? I have concerns about this fall.

@Klaatu_Veratta_Nectarine many Windstream users blamed the ISP for the mass bricking. They said it was the result of the company pushing updates that poisoned the devices - After eventually determining that the routers were permanently unusable, Windstream sent new routers to affected customers. Black Lotus Labs has named the event Pumpkin Eclipse - malware took out the routers connected to a single autonomous ASN, & unnamed ISP

@Klaatu_Veratta_Nectarine The actor took deliberate steps to cover their tracks by using commodity malware known as Chalubo

news.sophos.com/en-us/2018/10/

rather than a custom-developed toolkit. A feature built into Chalubo allowed the actor to execute custom Lua scripts on the infected devices

As for a test 😏 all malware attacks are kinda a "test" in ways for future "operations" you could say...

@Klaatu_Veratta_Nectarine Black Lotus Labs representative said in an interview that researchers can't rule out that a nation-state is behind the router-wiping incident affecting the ISP. But so far, the researchers say they aren't aware of any overlap between the attacks and any known nation-state groups they track.

@ecksmc I'm just saying. I told all my kids to stock up enough water, cash to cover purchases and basic supplies for like 3 months in September just in case credit cards/supply chain/ other fuck ups occur prior to election. Because can we trust these fuckers? NO. The former guy tried to execute the whole line of succession to presidency. It's probably fine. But yeah.

@Klaatu_Veratta_Nectarine @ecksmc Thinking about how this could be a test (like Russians with Crimea before invading Ukraine) and could US voting machines be impacted and/or require greater security than is already present. 🧐

@ACG2 @ecksmc Not even necessarily voting machines. Could do a lot of things to bring things to a standstill. I have concerns.

Sign in to participate in the conversation

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.