BLACK LOTUS LABS®

We’re defenders of a clean internet, proactively disrupting ~150 C2s per month through takedowns and notifications.

The Key to Identifying and Thwarting Threats: Network Visibility.

See more. Stop more.®

Black Lotus Labs sees and disrupts threats that others can't. Our mission is to keep the internet clean.

Resources

Routers Roasting On An Open Firewall: The KV‑Botnet Investigation

The Black Lotus Labs team at Lumen Technologies is tracking a small office/home office (SOHO) router botnet that forms a covert data transfer network for advanced threat actors. 

Taking The Elevator Down To Ring 0 

The Black Lotus Labs team has discovered a highly unique piece of malware designed to compromise the security of the extended Berkeley Packet Filter (eBPF) functionality in the Linux kernel of container‑based operating systems, like CoreOS. 

No rest for the wicked: HiatusRAT takes little time off in a return to action

In March 2023, Lumen Black Lotus Labs reported on a complex campaign called “HiatusRAT” that infected over 100 edge networking devices globally. 

Routers From The Underground: Exposing AVrecon

Lumen Black Lotus Labs® identified a complex operation, which we’ve dubbed “AVrecon,” that infects small-office/home-office (SOHO) routers.

Qakbot: Retool, Reinfect, Recycle

Using Black Lotus Labs’ global visibility, we have tracked Qakbot’s more recent campaigns to observe the network structure, and gained key insights into the methods that support Qakbot’s reputation as an evasive and tenacious threat.

Black Lotus Labs® Blog Archive

Read our full archive of blogs to learn more about the threat landscape.
