Massive Hack Wipes Out 600,000 Internet Routers

Crypto Wallet Vulnerability Uncovered

If you have a crypto wallet, be cautious. Researchers discovered a flaw in an older version of the RoboForm password manager. This vulnerability allowed them to accurately guess missing login details and access hidden assets.

Law Enforcement Tactics Against Ransomware

Police in Western countries are employing new strategies against ransomware groups like LockBit. These tactics include posting messages on seized websites to create distrust among cybercriminals. Experts believe these methods help sow discord among hackers.

Major Botnet Takedown

This week, the US authorities dismantled a significant botnet called 911 S5, which had hijacked 19 million IP addresses globally. According to FBI director Christopher Wray, this botnet was involved in Covid-19 relief fraud, bomb threats, and trafficking in child abuse material.

Weekly Security News Roundup

Every week, we compile security news that we didn’t cover in-depth. Click the headlines to read the full stories and stay safe out there.

Mysterious Hack Destroyed 600,000 Internet Routers

Last year, over half a million internet routers were disabled in a malware attack targeting a US internet service provider. The attack, which occurred in late October, disrupted internet services across several Midwestern states. Black Lotus Labs disclosed the incident, which reportedly affected Windstream, an ISP serving 18 states in the US Midwest and South.

Researchers from Black Lotus Labs revealed that the attacker used Chalubo malware to access the routers, eventually overwriting their firmware and rendering them useless. This led to numerous complaints on forums about the damaged routers.

“The routers now just sit there with a steady red light on the front,” a user wrote on the DSLReports forum. “They won’t even respond to a RESET.”

Whistleblower Claims US “Falsified” Gaza Report to Protect Arms Sales

The Biden administration allegedly altered a report to protect arms sales to Israel, according to whistleblower Stacy Gilbert, a senior civil-military expert who resigned in protest. The report, released in early May, claimed the US lacked complete information to verify whether US-made weapons were used by Israel in violation of international humanitarian law. Gilbert asserts that the report was edited at a higher level to remove evidence implicating Israel in restricting food and medical supplies to Gaza.

The report was a mandatory national security assessment that could have halted US arms sales to Israel if violations were found. Critics of the administration’s Gaza policy accused the White House of ignoring Israeli forces’ actions to disrupt food deliveries to Gaza. Gilbert is the second US official to resign this week in protest over the US’s involvement in the attacks.

“Operation Endgame” Knocks Down Botnet Underworld

An international coalition of law enforcement agencies, cybersecurity firms, and other organizations announced the disruption of large parts of the global botnet ecosystem. Branded “Operation Endgame,” the effort targeted malware droppers like IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot. According to Europol, authorities seized over 100 servers and 2,000 websites linked to cybercriminal activity. Law enforcement also arrested four high-value individuals, with Germany adding eight others to its most-wanted list. One main suspect amassed a cryptocurrency fortune worth 69 million euros ($74 million) by renting out infrastructure for ransomware attacks. The Operation Endgame website indicates a new announcement is coming soon.

Pro-Israel Influence Op, Driven by AI, Targeted Americans on Meta Apps

Meta has shut down an AI-driven network of fake Facebook and Instagram accounts linked to the Israeli business intelligence firm Stoic. The company is accused of accepting contracts to spread inauthentic pro-Israel content to manipulate North American users’ political views. Meta claimed Stoic’s influence operation was still in its “audience building” phase, “before they were able to gain engagement among authentic communities.”