TR069 meets Brickerbot and friends

Bleeping Computer has a report on the Californian ISP Sierra Tel, who apparently has visitors (JPG of letter) over at their customers' TR069 interfaces.

TR069 is the config interface of home DSL equipment and, if it is insufficiently secured, it can be used to own each and every home DSL router of an ISP.

Which happened to Sierra, twice, simultaneously. Which did not improve the results at all.

“BrickerBot was active on the Sierra Tel network at the time their customers reported issues,” Janit0r told Bleeping Computer in an email, “but their modems had also just been mass-infected with malware, so it’s possible some of the network problems were caused by this concomitant activity.”

Janit0r suggested the other culprit was Mirai, a malware also known to cause similar issues.

Mirai is also the malware that disabled a bunch of German and British Telekom modems earlier this year.


