German Telecom Service Deutsche Telekom confirmed that the connectivity problems that 900.000 had from its customers on Sunday were the result of a hack attempt.
“Following the latest findings, it appears that some of Deutsche Telekom's customer routers were affected by an external attack. Our network was not affected in any way. The attack attempted to infect routers with malware, and although it failed it caused problems and limitations on 4 to 5 percent of our customers' routers. This led to limited use of Deutsche Telekom's services by the affected customers," she said company.
“According to what we know, there is currently an attack on the maintenance UI of routers around the world. This was also confirmed by the Federal Agency for better safety of the information."
In order to mitigate the attack, Deutsche Telekom has implemented a series of measures on their network. At the same time, it released an updated version of the firmware for the targeted routers: Speedport W 921V and Speedport W 723V Type B. This update will prevent this malware from violating the routers accidentally or deliberately, creating a denial-of-service situation.
“Currently, an updated version of software provided to all our concerned customers who wish to fix their problem router. The installation of the software has already started and we can see the success of this measure," the company added, noting that it asked its customers affected by the attack to disconnect their routers for 30 seconds, as after a reboot the malware is removed from the device.
Meanwhile, Kaspersky Lab researchers report that the attack on Deutsche Telekom customers' routers comes from a variant of malware Mirai.