

We are defenders of a clean internet, proactively taking down ~75 C2s per month.

We see more, so we can stop more.

The Black Lotus Labs® mission is to leverage our network visibility to both help protect your business and keep the internet clean. Follow us on Twitter @BlackLotusLabs®.


  • ~195B NetFlow sessions monitored daily
  • ~1B DNS queries collected per day for continuous learning
  • ~42,000 C2s monitored daily


Black Lotus Labs


Suspected Pakistani Actor Compromises Indian Power Company With New ReverseRat

Lumen’s Black Lotus Labs detected a new remote access trojan we are calling ReverseRat.

Hacktivist Campaign Spreads Manifesto Through Router Configuration Files

The Black Lotus Labs® team at Lumen Technologies recently discovered a hacktivist campaign affecting internet-exposed routers and switches that occurred primarily on May 13, 2021.

Tracking UDP Reflectors for a Safer Internet

In recent years, Distributed Denial of Service (DDoS) events have become an ever-present threat, featuring attack traffic pushing to levels measured in terabits per second (Tbps).

Newly Discovered Watering Hole Attack Targets Ukrainian, Canadian Organisations

Black Lotus Labs’® analysis has uncovered a cluster of compromised websites previously used in a series of watering hole attacks.

The Reemergence Of Ransom-Based Distributed Denial Of Service (RDDoS) Attacks

Since the second half of 2020, Lumen Black Lotus Labs® has observed an unsettling number of entities receiving emails containing a threat of sustained DDoS attack unless a Bitcoin ransom was paid.

Black Lotus Labs® Blog Archive

Read our full archive of blogs to learn more about the threat landscape.
