Mirai botnet targets Deutsche Telekom routers in global cyberattack

It's the same campaign that took major US sites offline for hours back in October.

REUTERS/Dado Ruvic/Illustration

The German Office for Information Security confirmed on Tuesday that not only had nearly a million routers on the Deutsche Telekom (DT) network been recently attacked but that the assault was part of a larger campaign stretching across the world.

The Mirai botnet, which knocked a number of US service sites -- including Spotify and Twitter -- offline on October 21st, is reportedly the culprit. These attacks targeted unsecured IoT devices like baby monitors and security cameras, taking control of them using common exploits. Once the devices are under the botnet's control, they can be used to flood sites with traffic (aka a DDoS attack) in order to overwhelm their servers and knock them offline.

"It was a global attack against all kinds of devices," Dirk Backofen, a senior Deutsche Telekom security executive, told Reuters. 900,000 or roughly 4.5 percent of DT's landline customers were targeted as well as a number of German government routers. Routers in Ireland, Great Britain, even as far away as Brazil were also targeted.

The routers in question are three models made by Taiwan's Arcadyan Technology -- though DT resells them under the brandname, Speedport. The company pushed a patch live on Monday to correct the vulnerability. For its part, DT apologized to its customers and has begun applying "filter measures in the network to prevent the remote maintenance interface from being accessed by the attackers in order to exclude a new infection of devices," according to the site's FAQ. More software updates are expected for the next few days as DT network engineers continue to shore up the vulnerability.