600,000 routers at an American internet provider malfunctioned due to rogue firmware updates in October last year, say researchers from cybersecurity company Lumen. The attack took place in the period from October 25 to 27.
The attack was carried out on three different types of routers: the ActionTec T3200s, ActionTec T3260s and Sagemcom F5380. Lumen researchers say the attackers deliberately wanted to cause a large-scale outage, but the precise motive and who is behind the attack are unknown.
After installing the rogue firmware update, the routers stopped working. All affected routers had to be replaced. That is unique, say the researchers, who have rarely seen an attack that required replacing routers on such a large scale. According to Lumen, it also took longer to deliver and install new routers because a large proportion of affected households are in rural areas.
Another peculiarity is that the attack was limited to the provider's ASN. Normally hackers target one type of router, while in this case the attack was carried out on three different types from different manufacturers. The researchers managed to identify some of the malware, but it is still not clear how the hackers managed to install the update on so many devices.