A cyberattack involving a variant of the Mirai botnet has interrupted the internet connection of close to a million Deutsche Telekom customers, the company reported on Monday.
This is the first major cyberattack on the German telecoms group. According to Deutsche Telekom, the routers of costumers were affected by an “attack from outside.” The attack attempted to infect routers with a malware but failed which caused crashes or restrictions for four to five percent of all routers. This led to a restricted use of Deutsche Telekom services for affected customers, the company said.
The malware infected the routers through a newly discovered vulnerability in a feature that allows ISPs to remotely upgrade the firmware on the devices. The tweaked Mirai malware turns that feature off once it infests a device, making it harder to restore the devices to an operational state.
According to the company, about 900,000 of its 20m fixed network customers experienced problems starting Sunday afternoon, with some customers seeing “very marked fluctuations in quality,” and some customers for whom the service was “not working at all”.
The company urged affected customers to disconnect their router momentarily from the power supply in order to reboot it, allowing the router to function normally. The routers revert back to their original state after the reboot, “meaning there was no permanent infection with malware,” according to Deutsche Telekom.