Over the weekend, around 1 million Deutsche Telekom customers experienced interruptions in their Internet services, a denial of service that has now been traced to the Mirai botnet.
Mirai leverages flaws in Internet of Things devices to create a compromised network or botnet. The source code for Mirai botnet went public in early October, allowing others to modify the code and its targets. In late October, it was used in an attack that crippled the Internet service briefly in North America.
“This was not an attack against Deutsche Telekom. It was a global attack against all kinds of devices,” said Dirk Backofen, a senior Deutsche Telekom security executive told the Reuters news service. “How many other operators were affected, we don’t know,” he said.
According to Reuters, the German Office for Information Security (BSI) said the attack had also targeted the German government’s network but had failed because defensive measures had proved effective.
“The BSI considers this outage to be part of a worldwide attack on selected remote management interfaces of DSL routers,” the government agency said on its website.
Speaking at a conference this week organized by Deutsche Telekom, security researchers noted that the attack had targeted certain models of routers used by its customers. Defensive measures that blocked the malware also knocked the compromised routers offline, creating the outage for up to 1 million customers. Information about the attack is being shared with other Internet service providers to prevent future attacks.