Almost 1M home internet routers of Deutsche Telekom customers attacked by Mirai variant
German telco giant Deutsche Telekom was the victim of a cyber-attack over the weekend, which left some 900,000 users affected, the company confirms in a blog post.
Following the latest findings, routers of Deutsche Telekom costumers were affected by an attack from outside. Our network was not affected at any time. The attack attempted to infect routers with a malware but failed which caused crashes or restrictions for four to five percent of all routers. This led to a restricted use of Deutsche Telekom services for affected customers. We implemented a series of filter measures to our network. Affected customers should disconnect their router momentarily from the power supply in order to reboot it.
Most of the affected routers were back online as of Tuesday evening, Deutsche Telekom spokesman Stephan Broszio said. The company instructed customers to reboot the machines to download a software patch. It hasn’t yet found the culprit.
The malware used in the attack was a variant of the Mirai code that has been used in other attacks, according to the SANS Institute, a cybersecurity research group.
Security experts say the Mirai software has infected millions of network routers, digital video recorders and other connected devices around the world in recent months. The code works by exploiting factory-default passwords that most device owners never change.
A similar cyber-attack was reported by UK TalkTalk Telecom Group “a small number of customer routers” on Thursday, the company said in a statement. “Along with other Internet Service Providers in the UK and abroad, we are taking steps to review the potential impacts of the Mirai worm”, TalkTalk said, adding it has put additional controls in place.
Flashpoint, a security research firm, estimated as many as five million devices spread across Brazil, Germany and the U.K., among other countries, carried the same weakness that disrupted Deutsche Telekom’s routers.