- Jul 22, 2014
- 2,525
Two malware families battling for turf are most likely the cause of an outage suffered by Californian ISP Sierra Tel at the beginning of the month.
This outage took place on April 10, 2017, when Sierra Tel customers started complaining about losing Internet and telephone connectivity.
While initially there were unconfirmed rumors that the company had botched a firmware update, in a statement released the following day, on April 11, Sierra Tel admitted it was the victim of a "malicious hacking event."
"Hacking event" affected only Zyxel HN-51 modems
The company said someone targeted and hacked Zyxel modems model HN-51, all of which couldn't connect to its network anymore.
As the number of complaining users kept growing, Sierra Tel representatives asked customers to drop their Zyxel modems at their offices, where they could get a replacement.
The company underestimated the size of the incident, and after a few hours, it ran out of replacement modems, while customers formed long lines outside their offices.
Subsequent clients who came to receive replacements were asked to leave their devices at the company's offices, promising that staff would repair the modem, and give them a call when it would be ready.
On Saturday, April 22, almost two weeks later, Sierra Tell representatives announced they finally managed to finish repairing all the affected modems.
"The Sierra Tel family is pleased to report that we have nearly completed our response to the highly disruptive impacts of the illegal hacking of the HN-51 modem," the company wrote on Facebook.
BrickerBot was active on Sierra Tel's network
The outage was only reported by the local press and got little attention from national media, as it only affected Sierra Tel customers in the cities of Mariposa and Oakhurst, California.
The incident was brought to Bleeping Computer's attention by Janit0r, a man who claims to have developed BrickerBot, an IoT malware family that bricks unsecured IoT devices.
.....
Janit0r suggested the other culprit was Mirai, a malware also known to cause similar issues. Last year, a hacker known as Popopret deployed a defective Mirai version that caused over 900,000 modems belonging to Deutsche Telekom to go offline for nearly a day, before the German ISP retook control over its devices via a firmware update. A week later, several British ISPs suffered the same fate.
.....
Over the weekend, Radware, the cyber-security firm who first spotted BrickerBot issued another report unveiling two newer versions of the BrickerBot malware, with different bricking techniques compared to the first samples they discovered. The company also has a series of recommandations for keeping IoT devices safe from BrickerBot and other IoT malware.
This outage took place on April 10, 2017, when Sierra Tel customers started complaining about losing Internet and telephone connectivity.
While initially there were unconfirmed rumors that the company had botched a firmware update, in a statement released the following day, on April 11, Sierra Tel admitted it was the victim of a "malicious hacking event."
"Hacking event" affected only Zyxel HN-51 modems
The company said someone targeted and hacked Zyxel modems model HN-51, all of which couldn't connect to its network anymore.
As the number of complaining users kept growing, Sierra Tel representatives asked customers to drop their Zyxel modems at their offices, where they could get a replacement.
The company underestimated the size of the incident, and after a few hours, it ran out of replacement modems, while customers formed long lines outside their offices.
Subsequent clients who came to receive replacements were asked to leave their devices at the company's offices, promising that staff would repair the modem, and give them a call when it would be ready.
On Saturday, April 22, almost two weeks later, Sierra Tell representatives announced they finally managed to finish repairing all the affected modems.
"The Sierra Tel family is pleased to report that we have nearly completed our response to the highly disruptive impacts of the illegal hacking of the HN-51 modem," the company wrote on Facebook.
BrickerBot was active on Sierra Tel's network
The outage was only reported by the local press and got little attention from national media, as it only affected Sierra Tel customers in the cities of Mariposa and Oakhurst, California.
The incident was brought to Bleeping Computer's attention by Janit0r, a man who claims to have developed BrickerBot, an IoT malware family that bricks unsecured IoT devices.
.....
Janit0r suggested the other culprit was Mirai, a malware also known to cause similar issues. Last year, a hacker known as Popopret deployed a defective Mirai version that caused over 900,000 modems belonging to Deutsche Telekom to go offline for nearly a day, before the German ISP retook control over its devices via a firmware update. A week later, several British ISPs suffered the same fate.
.....
Over the weekend, Radware, the cyber-security firm who first spotted BrickerBot issued another report unveiling two newer versions of the BrickerBot malware, with different bricking techniques compared to the first samples they discovered. The company also has a series of recommandations for keeping IoT devices safe from BrickerBot and other IoT malware.
Last edited: