Big Cyber Attack Knocks Out Hundreds Of Thousands Of Internet Routers In US Central Region
JAKARTA - An unidentified hacker group reportedly launched a mass cyberattack against a telecommunications company in the heart of the United States at the end of last year. The attack disabled hundreds of thousands of internet routers, according to research published on Thursday, May 30.
Security analysts from Black Lotus Labs, a division of Lumen Technologies, found the attack in recent months and reported it in a blog post.
The incident in October, which was not disclosed at the time, disabled more than 600,000 internet routers. Independent experts say the attack appears to be one of the most serious cyberattacks ever to hit America's telecommunications sector.
Researchers say hackers installed malicious software that interfered with internet access from October 25 to 27 in a number of states. They found the malware, which continues to circulate, on the internet a few months later via a specific file link left by the hackers.
The report did not name the company that was attacked. Lumen also did not attribute the attack to any specific state or group. The researchers say the attackers used general methods that make them difficult to identify.
The routers were disabled when a malicious firmware update was sent to the company's customers. The update deleted elements of the routers' operational code, leaving the devices inoperable. How the firmware update was delivered to users is unclear.
"We consider with high confidence that the malicious firmware update is a deliberate act aimed at causing blackouts," Lumen reported. "This kind of destructive attack is very worrying, especially in this case."
A detailed comparison of the events described in Lumen's report with the internet outages on the dates of the attack pointed to one entity: Arkansas-based internet service provider Windstream.
A Windstream spokesman declined to comment, as did the FBI. The National Security Agency and the Department of Homeland Security referred questions to the FBI.
The researchers described the potential consequences of the attack as serious.
"Most of these ISP service areas cover rural or underdeveloped communities; places where residents may lose access to emergency services, agricultural issues may lose important information from long-range monitoring of plants during harvest, and healthcare providers are cut off from remote health services or patient records," the researchers wrote.
There are no public signs of the incident. On social media platform Reddit, users who identified themselves as Windstream subscribers posted complaints about strange outages starting around October 25, the date Lumen notes.
Reddit users explained that their routers could not connect to their internet provider, leaving them without internet access. Users said Windstream required them to return the disabled routers and replace them with new devices because remote repairs did not appear possible.
It is not yet clear whether the FBI, which is responsible for cybercrime investigations in the US, has been notified of the hack. But private companies often choose not to disclose such incidents.