06-06-2024, 10:26 PM
Looks like another website has picked up the topic...
From HITB.org: This malware botnet bricked over 600,000 routers in coordinated attack — but no one is really sure why
In the report, the researchers said that a piece of commodity remote access trojan (RAT) called Chalubo compromised hundreds of thousands of SOHO routers, consisting of three specific models: ActionTec T3200s, ActionTec T3260s, and Sagemcom F5380, all belonging to the same ISP. Chalubo pulled these routers into the botnet which, among other things, was capable of running distributed denial of service (DDoS) attacks.
Then, between October 25 and 27, 2023, the routers started dying. While Black Lotus did not name the ISP being attacked, BleepingComputer said that the attack “bears a striking resemblance” to the Windstream outage, since its users started reporting dead routers on October 25.
From HITB.org: This malware botnet bricked over 600,000 routers in coordinated attack — but no one is really sure why
In the report, the researchers said that a piece of commodity remote access trojan (RAT) called Chalubo compromised hundreds of thousands of SOHO routers, consisting of three specific models: ActionTec T3200s, ActionTec T3260s, and Sagemcom F5380, all belonging to the same ISP. Chalubo pulled these routers into the botnet which, among other things, was capable of running distributed denial of service (DDoS) attacks.
Then, between October 25 and 27, 2023, the routers started dying. While Black Lotus did not name the ISP being attacked, BleepingComputer said that the attack “bears a striking resemblance” to the Windstream outage, since its users started reporting dead routers on October 25.
