Lumen And Black Lotus Labs: Leading The Charge In Cybersecurity

In a significant achievement, Lumen Technologies has been named the 2024 Threat Intelligence Company of the Year as part of the CyberSecurity Breakthrough Awards. This esteemed recognition highlights our commitment to excellence in delivering cutting-edge cybersecurity solutions. Lumen Technologies, with our Threat Research and Operations arm Black Lotus Labs^®, stands out as a leader in the cybersecurity industry, and this recent accolade is a testament to our expertise and dedication.

The CyberSecurity Breakthrough Awards celebrate excellence in information security products and companies on a global scale. Being honored as the 2024 Threat Intelligence Company of the Year underscores our relentless efforts to innovate and enhance our cybersecurity offerings, helping ensure that our clients’ digital environments are protected.

This accolade highlights the exceptional work of Lumen in the crowded cybersecurity industry, where we have consistently demonstrated our ability to protect businesses and maintain the integrity of the internet specifically through Black Lotus Labs.

Seeing More, Stopping More

Lumen operates the #1 peered global network,¹ providing Black Lotus Labs the ability to see far more data and network activity than traditional threat researchers. By automating protection and proactively neutralizing threats, Black Lotus Labs uses global network data flows combined with machine learning algorithms to detect, classify and validate malicious actors worldwide. This extensive visibility allows us to proactively identify and eliminate cyberthreats, helping to protect data and applications in an ever-changing environment. Each day, Black Lotus Labs monitors:

• 200+ billion netflow sessions
• 1 billion DNS queries
• 3 million unique threats
• 46,000 C2 servers

This massive volume of data enables the team to identify patterns of malicious behavior and infrastructure, providing high confidence in their threat validation. Most importantly, it allows Black Lotus Labs to disrupt more than 150 C2s per month through takedowns and notifications, fulfilling our mission to protect customers and help keep the internet clean. This approach has led to the discovery and disruption of some of the most significant threats to U.S. agencies and organizations.

Automated Defense

Black Lotus Labs’ proactive monitoring blocks malicious traffic before it reaches the customer’s environment. Automatic protection is integrated into most of the Lumen security portfolio, easing the burden on customers’ internal resources by automating their security strategy and reducing threat alerts. For example, Lumen recently introduced Lumen Defender℠ powered by Black Lotus Labs to combat the growing number of cyberattacks targeting business networks.

Leading Threat Research

Black Lotus Labs’ threat researchers are at the forefront of understanding emerging threats, especially botnets and malware targeting networking devices. Their notable discoveries include:

• Raptor Train: The largest Chinese state-sponsored botnet to date, which was used to attack government and defense organizations globally.
• Volt Typhoon’s Versa SD-WAN 0-day: Vulnerability used by Chinese state-sponsored actors to target communications organizations.
• KV-Botnet: A botnet used by Chinese nation-state cyber actors used for targeting critical infrastructure and municipal governments.
• TheMoon: A multi-year campaign targeting outdated SOHO routers and IoT devices.
• Cuttlefish: Modular malware targeting enterprise-grade SOHO routers to steal authentication data.
• ZuoRAT: A complex campaign against SOHO routers, intercepting and hijacking traffic.
• HiatusRAT: Targeting sensitive information within U.S. government networks and small- to medium-sized businesses.
• AVrecon: The largest SOHO-router botnet ever seen, operating undetected for two years.
• Qakbot: A potent malware and ransomware distribution network, with infrastructure null-routed by Black Lotus Labs, halting its operations.

Black Lotus Labs integrates threat intelligence from these campaigns into our Lumen security solutions, helping to quickly detect these threats in the future. We also share our research with the broader security community to enhance collective cybersecurity efforts.

Why Lumen?

Lumen with Black Lotus Labs sets the standard in cybersecurity with cutting-edge research that enhances Lumen security products. By openly sharing our insights, we strengthen the broader infosec community and contribute to a safer internet for all. Our recognition as the Threat Intelligence Company of the Year reflects our commitment to innovation, transparency and relentless dedication to protecting your digital ecosystem.

¹The Center for Applied Internet Data Analysis (CAIDA), AS Rank, March 2024.

This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. All third-party company and product or service names referenced in this article are for identification purposes only and do not imply endorsement or affiliation with Lumen. This document represents Lumen products and offerings as of the date of issue. Services not available everywhere. Lumen may change or cancel products and services or substitute similar products and services at its sole discretion without notice. ©2025 Lumen Technologies. All Rights Reserved.