Mystery malware destroys 600,000 routers from a single ISP during 72-hour span(back in October)
report published Thursday by security firm Lumen Technologies’ Black Lotus Labs may shed new light on the incident, which Windstream has yet to explain
The Pumpkin Eclipse
@ecksmc Read about this earlier. Was this a,test? I have concerns about this fall.
@Klaatu_Veratta_Nectarine many Windstream users blamed the ISP for the mass bricking. They said it was the result of the company pushing updates that poisoned the devices - After eventually determining that the routers were permanently unusable, Windstream sent new routers to affected customers. Black Lotus Labs has named the event Pumpkin Eclipse - malware took out the routers connected to a single autonomous ASN, & unnamed ISP
@Klaatu_Veratta_Nectarine The actor took deliberate steps to cover their tracks by using commodity malware known as Chalubo
rather than a custom-developed toolkit. A feature built into Chalubo allowed the actor to execute custom Lua scripts on the infected devices
As for a test 😏 all malware attacks are kinda a "test" in ways for future "operations" you could say...
@Klaatu_Veratta_Nectarine Black Lotus Labs representative said in an interview that researchers can't rule out that a nation-state is behind the router-wiping incident affecting the ISP. But so far, the researchers say they aren't aware of any overlap between the attacks and any known nation-state groups they track.