Please update your browser.

Our site no longer supports this browser. Using another one will help provide a better experience.


We are defenders of a clean internet, proactively taking down ~75 C2s per month.

We see more, 

so we can stop more.

The Black Lotus Labs® mission is to leverage our network visibility to both help protect your business and keep the internet clean. Follow us on Twitter @BlackLotusLabs®.


  • ~195B NetFlow sessions monitored daily
  • ~1B DNS queries collected per day for continuous learning
  • ~42,000 C2s monitored daily


Black Lotus Labs


New Konni Campaign Kicks Off The New Year By Targeting Russian Ministry Of Foreign Affairs

Black Lotus Labs, the threat research team of Lumen Technologies, uncovered a series of targeted actions against the Russian Federation’s Ministry of Foreign Affairs (MID).

No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables Deployed as Stealth Windows Loaders

Black Lotus Labs recently identified several malicious files that were written primarily in Python and compiled in the Linux binary format ELF (Executable and Linkable Format) for the Debian operating system.

ReverseRat Re-emerges with a (Night)Fury New Campaign and New Developments, Same Familiar Side-Actor

After publishing our initial research, we have continued to track this actor and recently uncovered an updated version of the ReverseRat agent, which we are calling ReverseRat 2.0.

Charting the Real-World Application of CTFs

At Black Lotus Labs, we participate in CTFs to understand how threat actors could circumvent security controls, exploit software vulnerabilities and chain multiple attack techniques.

Suspected Pakistani Actor Compromises Indian Power Company With New ReverseRat

Lumen’s Black Lotus Labs detected a new remote access trojan we are calling ReverseRat.

Black Lotus Labs® Blog Archive

Read our full archive of blogs to learn more about the threat landscape.

Powered by GlobalLink OneLink SoftwarePowered By OneLink