Black Lotus Labs Archives

Authorities takedown global proxy network SocksEscort

The botnet, which compromised routers and IoT devices in 163 countries, claimed about 369,000 victims and $5.8 million from its cybercriminal customers, officials said.

6 days ago By Matt Kapko

Digital generated image of multicolored particles forming eye shape against black background. (Getty Images)

Kimwolf botnet’s swift rise to 2M infected devices agitates security researchers

The botnet took an unusual path by abusing residential proxy networks, allowing it to control an untapped collection of unofficial Android TV devices.

Jan 14, 2026 By Matt Kapko

New backdoor discovered that specifically targets Juniper routers

Researchers at Black Lotus Labs have uncovered an operation where a back door is dropped onto enterprise-grade Juniper Networks routers and listens for specific network signals, known…

Jan 23, 2025 By Greg Otto

The Russian flag flies over the country’s embassy in Washington, D.C., on Feb. 16, 2024. (Photo by Brendan SMIALOWSKI / AFP)

Russian-linked Turla caught using Pakistani APT infrastructure for espionage

Both Microsoft and Lumen’s BlackLotus Labs found Turla spying on Afghanistan and India via Pakistani infrastructure.

Dec 4, 2024 By Greg Otto

Botnet serving as ‘backbone’ of malicious proxy network taken offline

Lumen Technology’s Black Lotus Labs took the ngioweb botnet and NSOCKS proxy offline Tuesday.

Nov 19, 2024 By Greg Otto

FBI joint operation takes down massive Chinese botnet, Wray says

Flax Typhoon targeted critical infrastructure in the U.S. and abroad, and Black Lotus Labs researchers observed a “large scanning effort” targeting U.S. military and government.

Sep 18, 2024 By Tim Starks AJ Vicens Christian Vasquez