Benjamin Carr, Ph.D. 👨🏻‍💻🧬Jun 14, 2024
Mystery #malware destroys 600,000 #routers from a #Windstream's Kinetic #ISP during 72-hour span
Incident, "#PumpkinEclipse," believed to be result of deliberate attack using commodity malware, #Chalubo to overwrite #router #firmware. Windstream, which has about 1.6 million subscribers in 18 states, has not provided an explanation for outage. Company sent replacement routers to affected customers, many of whom reported significant financial losses due to the disruption.
https://arstechnica.com/security/2024/05/mystery-malware-destroys-600000-routers-from-a-single-isp-during-72-hour-span/
Mystery malware destroys 600,000 routers from a single ISP during 72-hour span

An unknown threat actor with equally unknown motives forces ISP to replace routers.

Ars Technica
Richi JenningsMay 31, 2024

Kit from #ActionTec and #Sagemcom remotely ruined and required replacement.

Almost half of #Windstream’s #Kinetic broadband users found their home routers completely dead, thanks to a malicious botnet known as #Chalubo. This happened seven months ago, but has only now come to light—via researchers who dubbed it #PumpkinEclipse.

It has echoes of Ukrainian #ISP modems mysteriously self destructing, just before the 2022 Russian invasion. In #SBBlogwatch, we wonder if this was a test of something bigger. At @TechstrongGroup’s @SecurityBlvd: https://securityboulevard.com/2024/05/pumpkin-eclipse-windstream-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc

‘Pumpkin Eclipse’ — 600,000+ Rural ISP Routers Bricked Beyond Repair

Daft name, serious risk: Kit from ActionTec and Sagemcom remotely ruined and required replacement.

Security Boulevard