Hundreds of thousands of US internet routers destroyed in newly discovered 2023 hack

FILE PHOTO: A projection of cyber code on a hooded man is pictured in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration//File Photo

WASHINGTON (Reuters) - - An unidentified hacking group launched a massive cyberattack on a telecommunications company in the U.S. heartland late last year that disabled hundreds of thousands of internet routers, according to research published Thursday.

Security analysts with Lumen Technologies' Black Lotus Labs discovered the attack in recent months and reported on it in a blog post.

The October incident, which was not disclosed at the time, took more than 600,000 internet routers offline. Independent experts said it appeared to be one of the most serious cyberattacks ever against America’s telecommunications sector.

The researchers said the hackers installed malicious software that disrupted internet access from Oct. 25 to 27 across numerous Midwest states. The analysts found the malware, which continued circulating, on the internet months later through certain file links that the hackers left visible.

The report did not name the company that was attacked. Nor did Lumen attribute the hack to a particular country or known group. The researchers said the saboteurs used common methods which made them harder to identify.

The internet routers were disabled when a malicious firmware update sent to the company's customers deleted elements of the routers’ operational code, making them effectively inoperable. Exactly how the firmware update was shipped to users was unclear.

“We assess with high confidence that the malicious firmware update was a deliberate act intended to cause an outage,” Lumen's report said. “Destructive attacks of this nature are highly concerning, especially so in this case."

A comparison of details and event descriptions in the Lumen report with internet outages on the dates of the attack pointed to one entity: Arkansas-based internet service provider Windstream.

A spokesperson for Windstream declined to comment as did the FBI. The National Security Agency and Homeland Security Department referred inquiries to the FBI.

The researchers described the potential consequences from the attack as serious.

"A sizeable portion of this ISP’s service area covers rural or underserved communities; places where residents may have lost access to emergency services, farming concerns may have lost critical information from remote monitoring of crops during the harvest, and health care providers cut off from telehealth or patients’ records,” the researchers wrote.

There are few public signs of the incident. On the social media platform Reddit, self-identified Windstream customers posted complaints about a strange outage beginning around Oct. 25, the date noted by Lumen.

The Reddit users described how their routers would not connect to their internet provider so they could not access the internet. The users said Windstream was requiring them to return their disabled routers for new devices because a remote fix did not seem possible.

It was not clear if the FBI, which is in charge of investigating U.S. cybercrimes, was notified of the hack. But private companies often elect not to disclose such incidents.

(Reporting by Christopher Bing; Editing by Cynthia Osterman)

Follow us on our official WhatsApp channel for breaking news alerts and key updates!


Next In Tech News

Waymo updating robotaxis after self-driving vehicle crashes into pole
Bill Gates says he was a ‘misfit’ as a kid who clashed with his parents and almost got kicked out of college
What happened to the likes? X is now hiding which posts you like from other users
Alphabet hit with Austrian privacy complaint over alleged browser tracking
Opinion: How safe are driverless cars in China? I rode in some to see.
China is testing more driverless cars than any other country
Nasa accidentally broadcasts simulation of distressed astronauts on space station
Japan enacts law ensuring access to third-party apps
Amazon, Vrio to launch satellite internet in South America, competing with Starlink
Fired SpaceX workers sue Elon Musk over workplace abuses

Others Also Read