German government blames Telekom problems with global attack on dsl routers

The German BSI, a government organization that deals with information security, has announced that the problems with Telekom routers stem from a worldwide attack on vulnerable devices.

The organization says that the attack took place on “certain ports used for remote management”, without stating which ports exactly. The BSI comes to this conclusion because it was able to observe the attack on government systems under its own management, but was able to repel it. The organization says it is coordinating the response to the attack together with the German counterpart of the NCSC. The attack allegedly aimed to infect the routers with malware.

The affected provider Deutsche Telekom has now announced via a message on its website that a patch is available for the affected routers. Users can download it automatically by not plugging in their device for thirty seconds. The report also indicates that the affected routers are the Speedport W921V model. Earlier reports showed that about 900,000 customers of the provider have suffered from a malfunction since Sunday evening, as a result of which they have little or no connection to the internet. Deutsche Telekom said the problems may stem from a hacking attack.

A message appeared on the site of the American Internet Storm Center on Monday warning that more and more attacks have been taking place on port 7547 in recent days. It is suggested that this is the cause of the problems at the German provider. A scan revealed that approximately 41 million internet-connected devices have this port open, “which could easily create a second Mirai botnet.”

The gate requests would attempt to exploit an rce leak in the TR-069 protocol, which may be present in routers from Telekom and an Irish provider. It is currently unclear whether this is actually the cause of the attacks on the Telekom routers.