BLACK LOTUS LABS®

We’re defenders of a clean internet, proactively disrupting ~150 C2s per month through takedowns and notifications.

The Key to Identifying and Thwarting Threats: Network Visibility.

WATCH WEBINAR

See more. Stop more.®

The Black Lotus Labs® mission is to leverage our network visibility to both help protect your business and keep the internet clean. Follow us on Twitter @BlackLotusLabs®.

 

  • ~200B+ NetFlow sessions monitored daily
  • ~1B DNS queries collected per day for continuous learning
  • ~46,000 C2s monitored daily

 

VIDEO (1:52)

Black Lotus Labs sees and disrupts threats that others can't, our mission is to keep the internet clean.
Black Lotus Labs sees and disrupts threats that others can't, our mission is to keep the internet clean. PlayButton

Resources

No rest for the wicked: HiatusRAT takes little time off in a return to action

In March 2023, Lumen Black Lotus Labs reported on a complex campaign called “HiatusRAT” that infected over 100 edge networking devices globally. 

READ BLOG

No rest for the wicked: HiatusRAT takes little time off in a return to action

In March 2023, Lumen Black Lotus Labs reported on a complex campaign called “HiatusRAT” that infected over 100 edge networking devices globally. 

Routers From The Underground: Exposing AVrecon

Lumen Black Lotus Labs® identified a complex operation that infects small-office/home-office (SOHO) routers we’ve dubbed “AVrecon.”

READ BLOG

Routers From The Underground: Exposing AVrecon

Lumen Black Lotus Labs® identified a complex operation that infects small-office/home-office (SOHO) routers we’ve dubbed “AVrecon.”

Qakbot: Retool, Reinfect, Recycle

Using Black Lotus Labs’ global visibility, we have tracked Qakbot’s more recent campaigns to observe the network structure, and gained key insights into the methods that support Qakbot’s reputation as an evasive and tenacious threat.

READ BLOG

Qakbot: Retool, Reinfect, Recycle

Using Black Lotus Labs’ global visibility, we have tracked Qakbot’s more recent campaigns to observe the network structure, and gained key insights into the methods that support Qakbot’s reputation as an evasive and tenacious threat.

New HiatusRAT Router Malware Covertly Spies on Victims

Lumen Black Lotus Labs identified a new campaign involving compromised routers. HiatusRAT allows threat actors to remotely interact with the system.

READ BLOG

New HiatusRAT Router Malware Covertly Spies on Victims

Lumen Black Lotus Labs identified a new campaign involving compromised routers. HiatusRAT allows threat actors to remotely interact with the system.

CLDAP Reflectors on the Rise Despite Best Practice

Black Lotus Labs is tracking a rise in misconfigured CLDAP services that are being abused in DDoS reflection attacks.

READ BLOG

CLDAP Reflectors on the Rise Despite Best Practice

Black Lotus Labs is tracking a rise in misconfigured CLDAP services that are being abused in DDoS reflection attacks.

Black Lotus Labs® Blog Archive

Read our full archive of blogs to learn more about the threat landscape.

READ BLOG

Black Lotus Labs® Blog Archive

Read our full archive of blogs to learn more about the threat landscape.