Hundreds of thousands of US internet routers destroyed in newly discovered cyberattack
An unidentified hacking group launched a massive cyberattack on a telecommunications company in the U.S. heartland late last year that disabled hundreds of thousands of internet routers, according to research published Thursday.
Security analysts with Lumen Technologies' Black Lotus Labs discovered the attack in recent months and reported on it in a blog post.
Discovery of the Attack
The October incident, which was not disclosed at the time, took more than 600,000 internet routers offline. Independent experts said it appeared to be one of the most serious cyberattacks ever against America's telecommunications sector.
The researchers said the hackers installed malicious software that disrupted internet access from Oct. 25 to 27 across numerous Midwest states. Months later, the analysts found the malware, which continued circulating, on the internet through certain file links that the hackers left visible.
Impact of the Attack
The internet routers were disabled when a malicious firmware update sent to the company's customers deleted elements of the routers' operational code, making them effectively inoperable.
“We assess with high confidence that the malicious firmware update was a deliberate act intended to cause an outage,” Lumen's report said. “Destructive attacks of this nature are highly concerning, especially so in this case.”
Identification and Response
A comparison of details and event descriptions in the Lumen report with internet outages on the dates of the attack pointed to one entity: Arkansas-based internet service provider Windstream.
A spokesperson for Windstream declined to comment, as did the FBI. The National Security Agency and Homeland Security Department referred inquiries to the FBI.
Public Response
There are few public signs of the incident. On the social media platform Reddit, self-identified Windstream customers posted complaints about a strange outage beginning around Oct. 25.
It was not clear if the FBI, which is in charge of investigating U.S. cybercrimes, was notified of the hack. But private companies often elect not to disclose such incidents.
(Reporting by Christopher Bing; Editing by Cynthia Osterman)