In recent times, the German firm, Deutsche Telekom acknowledged that 900,000 of the company's routers had been infected malware.
In the process, it was announced that more than 5 million routers would still be vulnerable around the world.
This article will also interest you: Mobile operators find a common solution against SIM Swapping
French users have been alerted by Le Cert-FR. The Flashpoint team recalled that "several versions of the malicious binary are in circulation. ». The Cert-FR for its part recommended everyone to reform their passwords especially those that still exist by default. But it also recommends finding a way to restrict access to tools used in administration and disable "services unnecessarily launched on equipment exposed to the network."
The malware, which is Mirai-type, has begun to interested in new targets and its new version is much more interested in the Routers. This is not the first time that variants of this program have malicious is used for attacks on companies or companies public institutions. However, taking into account its all-new Telecom, we can very clearly see that the hackers using this program are starting to change course, and are interested in other types victims now.
It has been realized that since the creator of the malware publicized the source code of its program, several cyber criminals have taken an interest in the matter and are are even seen fighting over the same terrain. This is what has made Mirai, one of the programs most used by many hackers, especially to take control of several systems computers around the world. "Evolution logic for this malware was to decouple the infection mechanism from the malware's payload, by exploiting a new vector" described Flashpoint in his blog.
The latest innovation with Mirai is that it now uses the vulnerabilities that have been discovered on the TR-064 and TR-069 protocols, which are at the origin of the maintenance. We then see that the program no longer confines itself to the Telnet network. It's because of the vulnerabilities protocols that the hacker manages to infect more than 900,000 produced by Deutsche Telekom.
The most important thing right now is to determine the origin of the attack. Several infected devices have been detected in Brazil and Great Britain. According to Flashpoint experts, users of this malware seem to be regulars of this kind of attack. According to the German media in particular the newspaper Tagesspiegel, Russia may be the main suspect.
Chancellor Angela Merkel declined to comment on the rumour. She refuses to give any confirmation or infirmation on the subject. On the other hand, determining the purpose of hackers will of course allow us to know where they come from. Investigations are continuing and we are awaiting a return from the authorities.
Now access an unlimited number of passwords: