A cyber assault targeting internet routers operating in the United States has caused widespread disruption, affecting over 600,000 devices and marking one of the most significant router attacks in American history.
Discovered by Black Lotus Labs, a division of Lumen Technologies, in April 2024, the attack occurred during October and November of the previous year but was only disclosed to the public recently.
While security experts believe the attack to be the work of state-sponsored hackers, official details regarding the breach have yet to be revealed as investigations are ongoing.
Reports indicate that the attack utilized a malicious software update that continues to circulate online, capable of deeply infecting routers by deleting their operational code, rendering them inoperable.
The perpetrators engineered the malware disguised as a firmware update and distributed it through the software update servers of Windstream, a prominent telecommunications company based in Arkansas and a major Internet Service Provider (ISP).
In response to the incident, the FBI and other national security agencies have dispatched agents to Windstream’s facilities for further investigation. However, Windstream has refrained from issuing any official statements as its internal inquiry is still underway.
Lumen’s reports shed light on complaints from Windstream customers, who expressed frustration on platforms like Reddit regarding disruptions experienced between October 25th and October 28th, 2023. During this period, Windstream advised affected users to request device replacements, which were fulfilled within two weeks. However, the company has remained silent regarding the router hack incident.
Notably, neither the FBI nor any other law enforcement agencies, including the SEC, have acknowledged the incident, which, according to existing data breach laws, should have been reported within 30 days of discovery.