The Chaya_006 Edge Campaign
Forescout’s Vedere Labs just dropped a threat briefing on a campaign they’re tracking as Chaya_006, and it’s a textbook example of how fast threat actors move these days. Attackers are aggressively targeting the very edge of Operational Technology (OT) networks. Specifically, they’ve been analyzing an unauthenticated command injection flaw (CVE-2025-67038) in Lantronix serial-to-IP converters, while simultaneously running massive, automated brute-force campaigns against internet-exposed OpenWrt interfaces. Threat actors reverse-engineered the vendor’s patches to weaponize the Lantronix flaw before the official technical details were even made public, allowing attackers to establish persistent access to exposed industrial edge devices before defenders could react.
Impacted Systems and Mitigation Steps
You are at risk if your company oversees manufacturing, utilities, critical infrastructure, or other automation environments that depend on Lantronix serial converters or OpenWrt-based devices. Update your firmware immediately: Lantronix EDS5000 devices to version 2.2.0R1 and EDS3000 units to version 3.2.0.0R2. To prevent a perimeter breach from developing into a full-fledged network compromise, in addition to patching, make sure your OpenWrt interfaces aren’t using default credentials, closely monitor your network logs for strange incoming traffic to LuCI RPC endpoints, and completely remove these edge devices from the public internet.
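One way to act on the log-monitoring advice above is sketched below as an added example; it is not code from Forescout or from the OpenWrt project. It assumes HTTP access logs in Combined Log Format from a reverse proxy or network sensor in front of the device, treats `/cgi-bin/luci/rpc/` as the LuCI JSON-RPC path, and uses a constructed threshold, window, and sample log lines.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: chronological Combined Log Format lines from a reverse proxy
# or HTTP sensor in front of the OpenWrt device.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*"'
)
RPC_PREFIX = "/cgi-bin/luci/rpc/"   # LuCI JSON-RPC path (luci-mod-rpc)
WINDOW = timedelta(seconds=60)      # assumed sliding window
THRESHOLD = 5                       # assumed max RPC POSTs per window per source


def find_rpc_bruteforce(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {source_ip: peak count} for sources that send more than
    `threshold` POSTs to LuCI RPC endpoints inside any sliding `window`."""
    recent = defaultdict(deque)     # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue                # unparseable line or not a POST
        if not m["path"].split("?", 1)[0].startswith(RPC_PREFIX):
            continue                # not an RPC endpoint
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop hits older than the window
            q.popleft()
        if len(q) > threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged


# Constructed sample: a fast burst, a slow sweep, and normal admin traffic.
SAMPLE = (
    [f'203.0.113.50 - - [01/Jan/2026:10:00:{s:02d} +0000] '
     '"POST /cgi-bin/luci/rpc/auth HTTP/1.1" 200 52' for s in range(0, 16, 2)]
    + [f'198.51.100.7 - - [01/Jan/2026:10:{mi:02d}:00 +0000] '
       '"POST /cgi-bin/luci/rpc/auth HTTP/1.1" 200 52' for mi in range(0, 12, 2)]
    + ['192.0.2.10 - - [01/Jan/2026:10:05:00 +0000] "GET /cgi-bin/luci/ HTTP/1.1" 200 900',
       '192.0.2.10 - - [01/Jan/2026:10:05:03 +0000] "POST /cgi-bin/luci/rpc/uci?auth=x HTTP/1.1" 200 80']
)

if __name__ == "__main__":
    for ip, peak in find_rpc_bruteforce(SAMPLE).items():
        print(f"{ip}: {peak} LuCI RPC POSTs within {WINDOW}")
```

With the default 60-second window only the fast burst is flagged; widening the window also surfaces the slower sweep, so it is worth running both a short and a long window over the same logs.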
Author Notes
Forescout Technologies. (2026, June 29). Analyzing Active Exploitation of Lantronix and OpenWRT LuCI. Forescout Research – Vedere Labs.
About the Author
Carmen Estela is a Cybersecurity Research Analyst at Cyber Defense Magazine and a Women in Cybersecurity Award Candidate. She recently graduated with a Master’s of Science degree from the University of Central Florida and holds a Bachelor’s degree in Criminology from the University of Florida with certifications in Data Analytics and AI Fundamentals. She frequently speaks and volunteers at well-known industry gatherings, such as BSides Orlando and BSides Jax, where she offers her perspectives on emerging cyber trends. Carmen is committed to advancing the standards of governance, risk, and compliance within cybersecurity. She has also served as an adult protective investigator, police dispatcher, and legal intern, applying investigative skills across law enforcement, academic, and public service settings.

