Explore cybersecurity trends, news and insights from the experts at Black Lotus Labs, the threat research and operations arm of Lumen.
Executive Summary The Black Lotus Labs team at Lumen Technologies has uncovered new infrastructure behind the “SystemBC” botnet, a network composed of over 80 C2s with a daily average of 1,500 victims, nearly 80% of which are compromised VPS systems […]
Note: This research was conducted and is presented as a collaboration between Black Lotus Labs, Team Cymru, and other partners. We stand by the assessments in the combined analysis presented in this research. Executive Summary DanaBot first emerged in […]
Executive Summary Along with the Department of Justice and the Dutch National Police, Lumen’s Black Lotus Labs team has tracked a criminal proxy network for over a year as it infected thousands of IOT and end-of-life (EoL) devices, powering a […]
Executive Summary The Black Lotus Labs team at Lumen Technologies has been tracking the use of a backdoor attack tailored for use against enterprise-grade Juniper routers. This backdoor is opened by a passive agent that continuously monitors for a “magic […]
Executive Summary Lumen Black Lotus Labs has uncovered a longstanding campaign orchestrated by the Russian-based threat actor known as “Secret Blizzard” (also referred to as Turla). This group has successfully infiltrated 33 separate command-and-control (C2) nodes used by Pakistani-based actor, […]
Executive Summary The Black Lotus Labs team at Lumen Technologies has expanded the known architecture of the “ngioweb” botnet, its use as a cornerstone of the notorious criminal proxy service known as NSOCKS, and appropriation by others such as VN5Socks […]
Executive Summary In mid-2023, Black Lotus Labs began an investigation into compromised routers that led to the discovery of a large, multi-tiered botnet consisting of small office/home office (SOHO) and IoT devices that we assess is likely operated by the […]
Executive Summary The Black Lotus Labs team at Lumen Technologies discovered active exploitation of a zero-day vulnerability in Versa Director servers, identified as CVE-2024-39717 and publicly announced on August 22, 2024. This vulnerability is found in Versa software-defined wide area […]
Executive Summary Revision June 7, 2024: As this story has developed, we have received feedback from a vendor/partner. While we observed a drop in activity associated with multiple router models based on scan data, we assess that ActionTec routers were […]
Executive Summary: The Black Lotus Labs team at Lumen Technologies is tracking a malware platform we’ve named Cuttlefish, that targets networking equipment, specifically enterprise-grade small office/home office (SOHO) routers. This malware is modular, designed primarily to steal authentication material found […]
