A mysterious piece of malware has caused havoc by destroying over 600,000 routers from a single Internet Service Provider (ISP) within a span of 72 hours. The incident, dubbed “Pumpkin Eclipse,” left many customers without internet access for several days.
The malware attack started on October 25, when customers of the ISP, known as Windstream, began reporting that their routers had suddenly stopped working and remained unresponsive to reboots and other attempts to revive them. Many users blamed the ISP for the mass bricking, believing it was the result of the company pushing updates that poisoned the devices.
Windstream’s Kinetic broadband service, which has about 1.6 million subscribers across 18 states, provides an essential link to the outside world for many customers. The outage caused significant financial losses for many customers, especially those who work from home.
After determining that the routers were permanently unusable, Windstream sent new routers to affected customers. However, the company has not provided an explanation for the outage.
Security firm Lumen Technologies’ Black Lotus Labs shed some light on the incident in a report. The researchers believe that an unknown threat actor with equally unknown motives used commodity malware known as Chalubo to overwrite the router firmware, rendering the devices useless. The actor took deliberate steps to cover their tracks, making it difficult to identify them.
Read more: arstechnica.com