Lumen Technologies’ Black Lotus Labs discovered a massive cyber attack that caused over 600,000 routers from a single ISP to be rendered inoperable between October 25-27. The attack was attributed to the Chalubo remote access trojan, known for its obfuscation techniques. Surprisingly, the malware was highly active in late 2023 and early 2024, targeting SOHO devices with DDoS capabilities. The attack was isolated to one ASN, affecting rural and underserved communities. The malware’s Lua functionality allowed for execution of arbitrary scripts. The report highlights the sophisticated infection process and the global impact of the Chalubo malware family.
https://blog.lumen.com/the-pumpkin-eclipse/