Black Lotus Labs reveals why upstream network visibility is essential to detecting and disrupting disguised proxies, edge exposure, and AI-driven attacks
Singapore, 9 April 2026 – Lumen Technologies (Lumen) has released its 2026 Lumen Defender Threatscape Report, identifying a fundamental shift in the digital battlefield: the most critical threat signals no longer live on the endpoint, but upstream in the network itself.
Authored by Black Lotus Labs, Lumen’s threat research and operations arm, the report leverages the company’s position as one of the world’s largest internet backbone operators to document how cyber criminals have evolved into “heist crews” with industrialised, highly coordinated operations. Most notably, it reveals critical insights into how threat actors use disguised proxies, compromised edge devices, and generative AI to pre-stage attacks.
Key Findings
The 2026 Threatscape Report identifies critical shifts in how attackers operate:
- Generative AI as an Operational Engine: Threat actors are using AI to iterate and regenerate malicious infrastructure at machine speed. This automation helps sustain malicious campaigns, compressing the window between exposure and impact.
- Targeting the “Vault Door” at the Edge: As endpoint detection and response (EDR) has matured, attackers have pivoted to internet-exposed edge devices – routers, VPN gateways, and firewalls. These assets offer privileged access, limited forensic capabilities, and typically operate outside traditional endpoint security visibility.
- The Rise of Residentially Disguised Proxies: Criminal and nation-state crews are industrialising proxy networks using compromised small office/home office (SOHO) devices. By hijacking these “rentable identities,” attackers blend into legitimate residential traffic to bypass Zero Trust and geolocation controls.
- Blurred Lines of Attribution: Elite espionage campaigns are increasingly built on “stolen staging,” where nation-state actors hijack criminal infrastructure to hide their fingerprints behind noisy, common criminal activity.
The Asia Pacific Threat Environment
These findings carry particular relevance for Asia Pacific, where rapid digitalisation, heterogeneous infrastructure, and deep integration with industries such as global manufacturing, energy, telecommunications, logistics, and technology supply chains amplify the risk dynamics identified by Black Lotus Labs. Organisations across the region operate highly distributed digital estates made up of branch networks, regional data centres, manufacturing sites, and partner ecosystems, creating an expansive and often under-monitored edge attack surface.
Rapid AI adoption across Asia Pacific is reshaping the cyber threat landscape, as attackers increasingly use automation to make campaigns more intelligent and adaptive. IDC research, sponsored by Lumen, found that the top three AI-driven threats disrupting Asia Pacific businesses are AI-enhanced phishing and impersonation, large language model prompt attacks, and AI-powered ransomware with real-time negotiation.¹
“Asia Pacific organisations are navigating a threat landscape that is growing in both scale and sophistication, with attackers operating well upstream of traditional defences,” said Wai Kit Cheah, APAC CISO & Connected Ecosystem leader at Lumen. “The 2026 Defender Threatscape Report reinforces that effective defence now begins before the attacker reaches the enterprise. Network-layer visibility upstream gives security teams the ability to detect and disrupt adversaries earlier and at scale.”
The Professionalisation of Cybercrime
The report also identified a new standard for cyber operations: the “heist crew” model. Rather than deploying standalone malware, threat actors now operate with the precision of a logistics firm, using generative AI to rotate infrastructure at machine speed and “rentable identities” through compromised home routers to blend into everyday residential traffic.
In Asia Pacific, the scale and diversity of connected devices make this model especially effective. High levels of connectivity expand the pools of devices and infrastructure that can be quietly co-opted into malicious operations, eroding long-standing trust assumptions around residential and otherwise “clean-looking” IP space.
With visibility into 99% of public IPv4 addresses and monitoring of more than 200 billion NetFlow sessions and 46,000 C2 servers daily, Lumen’s network vantage allows Black Lotus Labs to identify coordinated infrastructure behaviour as it emerges. In 2025, Lumen participated in eight multi-partner takedowns and disrupted 5,000 IPs to degrade adversary capabilities.
The report deconstructs several high-profile operations that define this new era:
- Raptor Train: A nation-state botnet that utilised an enterprise-grade control centre to manage over 200,000 compromised Internet of Things (IoT) devices.
- Kimwolf: A massive distributed denial-of-service (DDoS) botnet that scaled to hundreds of thousands of bots in weeks by exploiting residential proxy ecosystems. Lumen observed Kimwolf triple its bot count in just one week and launch attacks reaching 30 terabits per second (Tbps).
- Rhadamanthys: The largest malware-as-a-service platform by volume at the time of takedown, one that operates like a professional startup, complete with subscription tiers and customer support for more than 12,000 victims.
“Threat intelligence is needed to find the adversary as early as possible and as close to the point of origination as possible,” said Chris Kissel, IDC vice-president, Security & Trust. “Lumen’s massive infrastructure and the quality of Black Lotus Labs provide optimal visibility of the IP backbone, greatly reducing the odds of successful cyber-attack campaigns.”
The full 2026 Lumen Defender Threatscape Report is now available for download.
About Lumen
Lumen is unleashing the world’s digital potential. We ignite business growth by connecting people, data, and applications – quickly, securely, and effortlessly. As the trusted network for AI, Lumen uses the scale of our network to help companies realise AI’s full potential. From metro connectivity to long-haul data transport to our edge cloud, security, managed service, and digital platform capabilities, we meet our customers’ needs today and as they build for tomorrow. For news and insights, visit news.lumen.com, LinkedIn: /lumentechnologies, X: @lumentechco, Facebook: /lumentechnologies, Instagram: @lumentechnologies, and YouTube: /lumentechnologies.
Forward-Looking Statement
This press release includes certain forward-looking statements about future events. These forward-looking statements are not guarantees of future results, are based on our current expectations only and are subject to various uncertainties. Actual results may differ materially from those anticipated by us in these statements due to several factors, including those referenced in our filings with the U.S. Securities and Exchange Commission.
Media Contact:
Bud Communications on behalf of Lumen Technologies
Email: lumen@budcomms.com
