Attackers use the Chalubo trojan to render over 600,000 ActionTec routers inoperable

Reports of malfunction first started coming in on October 25, 2023

Published on May 31, 2024

A recently published report sheds light on what caused over 600,000 ActionTec routers to stop functioning altogether, reports of which first emerged in October '23. The two router models primarily affected were ActionTec T3200 and ActionTec T3260!

According to the report by Lumen Technologies' Black Lotus Labs, thousands of users, subscribed to a single ISP (Internet Service Provider), started facing issues with their ActionTec routers between October 25-27, 2023. They lost access to the Internet, and on checking, the router displayed a steady red light.

The company promptly replaced all the 600,000 affected routers, as the attack rendered them permanently inoperable.

During the investigation, this massive ActionTec router malfunction was attributed to an attack, codenamed The Pumpkin Eclipse, using Chalubo, a remote access trojan. According to the report,

While the researchers haven't yet been able to identify the vulnerability exploited by threat actors to gain access, they suggest it was either weak credentials or an exposed administrative interface. According to the researchers,

Researchers, on inspection, discovered that the attack was well-executed, leaving no traces of Chalubo on the infected ActionTec devices.

However, one mistake by the threat actors helped researchers identify that the attack was linked to the Chalubo trojan. The report says,

Researchers at Black Lotus Labs highlight how the attack on ActionTec routers was unique for two reasons. First, it was the sheer scale that necessitated the replacement of over 600,000 routers, especially when the attack didn't appear to have links with state-backed entities.

Second, the attack was limited to a specific ASN (Autonomous System Number) and a single ISP, which usually isn't the case.

Another concerning aspect of the recent Chalubo attack is that most of the affected users were located in rural parts, making the recovery phase a lot more challenging. Besides, the outage led to thousands losing access to the Internet, including emergency services and critical data.

At present, there is rather limited information about the Chalubo attack on ActionTec. We hope to get more insights in the coming days as further research is carried out around the attack.

The whole episode begs the question, are we doing enough to stop AI from falling into the hands of threat actors? Because it is, undoubtedly, the ultimate tool for cyberattacks!

What actions do you think will reduce the likelihood of similar attacks in the future? Share with our readers in the comments section.

Kazim Ali Alvi

Windows Hardware Expert