Visitor

1 Message

Friday, June 26th, 2026 5:39 AM

Bufferbloat on XB8-T, Nothing Fixing

I've been experiencing bufferbloat on my XB8-T gateway, with seemingly no fix. Wired or wireless, different devices, etc. My most recent bufferbloat test on Waveform was a B, right on the edge of a C. I work from home in a position where I almost entirely telecommunicate with clients. I am constantly having freezes and drops due to the bufferbloat. I've done all of the basic troubleshooting: resetting both Wi-Fi and device hardware, making sure drivers/software/firmware are up to date, running built-in Xfinity troubleshooting, speaking with the Xfinity Assistant, etc.

Visitor

1 Message

13 hours ago

https://www.facebook.com/ZirafaMedia/posts/pfbid02kw1PKGVyqVi7mcCAZedUZRvGKUWXTE6WhczehagpiYUjShBsDd8r1yQEPjM42c5Vl

FROM A FACEBOOK POST
ZirafaMedia
🚨 Potential Cyberattack on ISP Infrastructure: Have you been experiencing internet outages this week? A Comcast #Xfinity representative claimed on Monday the nationwide interruption in services was due to a system update gone wrong.
It wasn’t.


ZirafaMedia has spoken with multiple internal Comcast engineers in Philadelphia. What they described isn’t a botched rollout — it’s a firmware-level compromise affecting an estimated 40% of deployed XB8 gateways nationwide. The malware is embedded directly in the modem firmware, below the OS layer, which means standard remediation tools can’t touch it. Invisible to standard diagnostic tools and unremovable through conventional patching. You can’t patch your way out of a JTAG-level infection.

No patch exists that can fix a compromised bootloader. You have to replace the hardware or you contain the blast radius. Comcast is struggling to do either at scale.

The “bad update” narrative fails a basic technical smell test: Comcast’s deployment infrastructure uses staged rollout protocols, environment gates, and change management controls specifically architected to prevent a simultaneous nationwide production failure. A real update doesn’t do this. 
A supply chain compromise does. (!!)

Current working theory among internal engineers: a contractor. Someone with legitimate access to provisioning systems. An insider threat that wasn’t inside the org chart — but was inside the network.

Three days in. The outages persist. And engineers are still mapping the malware’s full capability set — which means nobody knows yet what it can do to the millions of devices that appear to be functioning normally.

(edited)
