Software Developer Sentenced for Malicious Kill Switch on Ex-Employer's Windows Network

2 unique sources, 2 articles

Summary

Davis Lu, a 55-year-old former software developer for Eaton Corporation, has been sentenced to four years in prison and three years of supervised release for creating and deploying malicious code that included a kill switch on his ex-employer's Windows network. The sabotage occurred after Lu's termination in 2019, causing significant disruption and financial loss. Lu embedded a malicious Java thread loop designed to overwhelm servers and crash production systems. He also created a kill switch that locked out all users when his account was disabled. The incident resulted in thousands of users being locked out of their systems, causing hundreds of thousands of dollars in losses. Lu also created additional malicious code named 'Hakai' and 'HunShui'. Lu's actions were discovered after investigators found search queries on his laptop related to privilege escalation, process hiding, and file deletion. He was sentenced for breaching his employer's trust and using his technical knowledge to cause significant harm.

Timeline

  1. 22.08.2025 02:46 · 2 articles

    Ex-employee's malicious kill switch disrupts ex-employer's systems


Similar Happenings

RaccoonO365 Phishing Network Disrupted by Microsoft and Cloudflare

The RaccoonO365 phishing network, a financially motivated threat group, was disrupted by Microsoft's Digital Crimes Unit (DCU) and Cloudflare. The operation, executed through a court order in the Southern District of New York, seized 338 domains used by the group since July 2024. The network targeted over 2,300 organizations in 94 countries, including at least 20 U.S. healthcare entities, and stole over 5,000 Microsoft 365 credentials. The RaccoonO365 network operated as a phishing-as-a-service (PhaaS) toolkit, marketed to cybercriminals via a subscription model on a private Telegram channel. The group used legitimate tools like Cloudflare Turnstile and Workers scripts to protect their phishing pages, making detection more challenging. The mastermind behind RaccoonO365 is believed to be Joshua Ogundipe, who received over $100,000 in cryptocurrency payments. The group is also suspected to collaborate with Russian-speaking cybercriminals. Cloudflare executed a three-day 'rugpull' against RaccoonO365, banning all identified domains, placing interstitial 'phish warning' pages, terminating associated Workers scripts, and suspending user accounts to prevent re-registration.