Late last year, an unidentified hacking group launched a massive cyberattack on a telecommunications company in the U.S. heartland, disabling hundreds of thousands of internet routers, according to research published Thursday. The attack, which occurred in October, took more than 600,000 internet routers offline and disrupted internet access across several Midwest states from October 25 to 27. The incident was discovered by security analysts with Lumen Technologies’ Black Lotus Labs.
Lumen’s report did not disclose the name of the affected company, nor did it attribute the attack to any specific country or group. The researchers explained that the hackers used common methods, making it harder to identify them. The routers were disabled through a malicious firmware update that deleted critical operational code, rendering the devices inoperable. The exact method used to distribute the firmware update to users remains unclear.
“We assess with high confidence that the malicious firmware update was a deliberate act intended to cause an outage,” Lumen’s report stated. “Destructive attacks of this nature are highly concerning, especially so in this case.”
Independent experts have suggested that this could be one of the most serious cyberattacks against America’s telecommunications sector. The attack primarily affected rural or underserved communities, where residents may have lost access to emergency services, farming operations could have been disrupted, and healthcare providers might have been cut off from telehealth services or patient records.
A comparison of details in Lumen’s report with internet outages around the dates of the attack points to Arkansas-based internet service provider Windstream. However, a spokesperson for Windstream declined to comment, and the FBI, National Security Agency, and Homeland Security Department referred inquiries to the FBI.
There are few public signs of the incident, but self-identified Windstream customers on Reddit reported a strange outage beginning around October 25. They said that their routers would not connect to the internet and that Windstream required them to return the disabled routers for new devices, as a remote fix was not possible.
It is unclear if the FBI, which handles U.S. cybercrime investigations, was notified of the hack. Often, private companies choose not to disclose such incidents.

