Hundreds of thousands of US internet routers destroyed in newly
discovered 2023 hack
[May 31, 2024]
By Christopher Bing
WASHINGTON (Reuters) - An unidentified hacking group launched a
massive cyberattack on a telecommunications company in the U.S.
heartland late last year that disabled hundreds of thousands of internet
routers, according to research published Thursday.
Security analysts with Lumen Technologies' Black Lotus Labs discovered
the attack in recent months and reported on it in a blog post.
The October incident, which was not disclosed at the time, took more
than 600,000 internet routers offline. Independent experts said it
appeared to be one of the most serious cyberattacks ever against
America’s telecommunications sector.
The researchers said the hackers installed malicious software that
disrupted internet access from Oct. 25 to 27 across numerous Midwest
states. The analysts found the malware, which continued circulating, on
the internet months later through certain file links that the hackers
left visible.
The report did not name the company that was attacked. Nor did Lumen
attribute the hack to a particular country or known group. The
researchers said the saboteurs used common methods, which made them
harder to identify.
The internet routers were disabled when a malicious firmware update sent
to the company's customers deleted elements of the routers’ operational
code, making them effectively inoperable. Exactly how the firmware
update was shipped to users was unclear.
“We assess with high confidence that the malicious firmware update was a
deliberate act intended to cause an outage,” Lumen's report said.
“Destructive attacks of this nature are highly concerning, especially so
in this case.”
A comparison of details and event descriptions in the Lumen report with
internet outages on the dates of the attack pointed to one entity:
Arkansas-based internet service provider Windstream.
[Photo caption: A projection of cyber code on a hooded man is pictured in this
illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration/File
Photo]
A spokesperson for Windstream declined to comment, as did the FBI.
The National Security Agency and Homeland Security Department
referred inquiries to the FBI.
The researchers described the potential consequences from the attack
as serious.
“A sizeable portion of this ISP’s service area covers rural or
underserved communities; places where residents may have lost access
to emergency services, farming concerns may have lost critical
information from remote monitoring of crops during the harvest, and
health care providers cut off from telehealth or patients’ records,”
the researchers wrote.
There are few public signs of the incident. On the social media
platform Reddit, self-identified Windstream customers posted
complaints about a strange outage beginning around Oct. 25, the date
noted by Lumen.
The Reddit users described how their routers would not connect to
their internet provider so they could not access the internet. The
users said Windstream was requiring them to return their disabled
routers for new devices because a remote fix did not seem possible.
It was not clear if the FBI, which is in charge of investigating
U.S. cybercrimes, was notified of the hack. But private companies
often elect not to disclose such incidents.
(Reporting by Christopher Bing; Editing by Cynthia Osterman)
[© 2024 Thomson Reuters. All rights reserved.] This material
may not be published, broadcast, rewritten or redistributed.
Thomson Reuters is solely responsible for this content.