600,000 routers of US operator Windstream 'bricked' by Chalubo virus

TapTechNews June 2nd news. Recently, security company Lumen Technologies released an activity report on the botnet virus Chalubo, showing that the virus hacked into the US operator Windstream last October, making 600,000 routers under this operator 'bricked'. These routers are reportedly completely damaged and cannot be repaired by firmware updates/resets, and relevant users can only replace the equipment.

It is reported that Lumen found a large number of users complaining that the router devices of Windstream suddenly had a red light and couldn't be used from the public opinion report in October last year. And after relevant users called the ISP customer service hotline, they were informed that the entire equipment had to be replaced.

After that, the security company observed through telemetry data and found that the number of online routers under Windstream decreased significantly within a week. Among them, the number of ActionTec brand routers decreased by 179,000, and the number of Sagemcom brand routers decreased by 480,000. After analysis, the security company believes that these 600,000 routers were damaged by the Chalubo botnet virus.

It is learned that the Chalubo botnet virus specifically launches attacks against office gateways and Internet of Things devices. The botnet itself has DDoS attack capabilities and can mass-execute any Lua script on the captured devices to carry out more attacks.

Security companies believe that hackers use Lua scripts to make the relevant routers 'bricked', but it is not yet clear why hackers conduct such operations. However, they suggest that users should change the default password in time and should regularly OTA the device firmware.