In a shocking revelation, Lumen Technologies has unveiled details of a previously undisclosed cyberattack that disabled over 600,000 personal routers last year. The attack, which occurred between October 25 and 27, 2023, targeted routers from Sagemcom and ActionTec, crippling internet services for many, especially in rural and underserved communities. The culprit: a malicious firmware update linked to the Chalubo malware, which erased the routers’ operational code, rendering them inoperable.
Chalubo, first detected in 2018, typically enlists devices into botnets for DDoS attacks. However, in this incident, the malware’s destructive capabilities were fully unleashed. Hackers exploited weak credentials or exposed administrative interfaces to install the malicious firmware. The damage was severe enough that affected users needed complete hardware replacements, and the outage impacted emergency services, agricultural monitoring, and healthcare access in those areas.
The researchers noted that this incident is unprecedented in scale and severity, with over 49% of the ISP’s modems rendered inoperable. The attack’s precise method of distribution remains unclear, underscoring the need for robust cybersecurity measures and vigilance against potential vulnerabilities.
Lumen’s findings highlight the critical importance of securing internet infrastructure and prompt further investigation to prevent similar future attacks. The mysterious nature and the severe impact of this cyberattack make it one of the most significant threats to America’s telecommunications sector to date.