German Telecom Service Deutsche Telekom confirmed that the connectivity problems that 900.000 had from its customers on Sunday were the result of a hack attempt.
“Following the latest findings, it appears that some of Deutsche Telekom's client routers were affected by an external attack. Our network was not affected in any way. The attack tried to infect routers with malicious software, and although it failed, it caused problems and restrictions on 4 to 5 percent of our clients' routers. This resulted in limited use of Deutsche Telekom's services by affected customers, ”the company said.
“As we know, there is an attack on routers maintenance UI around the world right now. This was also confirmed by the Federal Office for Information Security. "
In order to mitigate the attack, Deutsche Telekom implemented a number of measures in their network. At the same time, he released an updated version at firmware of the targeted routers: Speedport W 921V and Speedport W 723V Typ (Type) B. The update will prevent this malware from accidentally or intentionally compromising the routers, creating a situation denial-of-Service.
“Currently, an updated version of the software is provided to all our concerned customers who wish to fix the router issue. The installation of the software has already started and we can see the success of this measure," the company added, noting that it asked its customers affected by the attack to disconnect their routers for 30 seconds, as after the restartmovement the malware is removed from the device.
Meanwhile researchers of Kaspersky Lab report that this particular attack on Deutsche Telekom customer routers comes from a variant of the Mirai malware.