In a shocking incident, an unidentified hacker has crippled hundreds of thousands of home internet routers in a coordinated attack. Over a mere 72-hour period in October 2023, a malicious firmware update effectively bricked more than 600,000 routers belonging to a single internet service provider (ISP). This left countless homes and businesses without internet access, causing significant disruption.
The attack targeted a specific model of router, the ActionTec T3200, primarily used for small offices and home offices (SOHO). Security researchers from Black Lotus Labs at Lumen Technologies meticulously analyzed the event, detailing it in a recent report. Their findings paint a disturbing picture of a deliberate attempt to cause widespread internet outages.
The culprit behind this large-scale disruption appears to be a remote access trojan (RAT) called Chalubo. First identified in 2018, Chalubo is known for its ability to deliver customized malicious payloads specifically designed to compromise SOHO routers and Internet of Things (IoT) devices. In this instance, Chalubo was used to inject a corrupted firmware update onto the targeted routers.
Firmware is the underlying software that controls a device’s core functionality. A malicious update can essentially rewrite this code, rendering the device unusable. Security researchers believe the attackers used Chalubo to obfuscate their identity, opting for a common malware strain rather than a custom-developed tool.
While the attack method is becoming clearer, the motive behind this large-scale disruption remains shrouded in secrecy. Black Lotus Labs found no evidence linking the attack to known nation-state hacking groups. However, the researchers are confident this was a deliberate act of sabotage, aiming to create a denial-of-service (DoS) event – essentially, an internet blackout for the affected users.
Though the Black Lotus Labs report refrains from naming the affected ISP, Ars Technica has identified it as Windstream. This conclusion is based on details gleaned from Windstream subscribers’ reports during the October 2023 timeframe, along with the specific router model targeted in the attack.
