A new zombie army of hacked Internet of Things devices forced thousands of Brits offline, as hackers tried to expand the reach of their botnet.
The UK internet providers TalkTalk and Post Office confirmed that some of their customers experienced outages due to a cyberattack. One of the hackers who controls the new botnet created with a modified version of the infamous Mirai malware said they were responsible for the issues.
“Sorry for UK Post Office,” a hacker who goes by the name BestBuy told Motherboard in an online chat, explaining that they didn’t target them “intentionally.”
“But they should give their customers better hardware :\,” the hacker said.
BestBuy explained that “too many requests freeze the shitty routers,” and that they were just trying to enlist more devices into their botnet. The hacker said that they now call the modified malware Annie instead of Mirai, and that they have collected as many as 4.8 million bots. (Motherboard could not verify this figure, but it’s way higher than any other number reported before, so worth taking with a grain of salt.)
TalkTalk confirmed that “a small number” of customers’ routers were affected by Mirai. A Post Office spokesperson said a “third party” disrupted some customers on Nov. 27, impacting “certain types of routers.”
These new disruptions come weeks after unknown attackers used a Mirai-powered botnet to target the services (https://motherboard.vice.com/read/twitter-reddit-spotify-were-collateral-damage-in-major-internet-attack) of major websites such as Twitter, Spotify and Reddit. Mirai has been used to launch distributed denial of service attacks against several victims, including the site of well-known security journalist Brian Krebs (https://motherboard.vice.com/read/journalist-hit-by-record-ddos-attack-im-kind-of-like-plutonium-right-now), and the internet infrastructure company Dyn (https://motherboard.vice.com/read/twitter-reddit-spotify-were-collateral-damage-in-major-internet-attack), which resulted in the outages at the aforementioned major websites and many others.
BestBuy, along with another cybercriminal known as Popopret, is renting out access to their botnet, offering customers the ability to launch disruptive cyberattacks. If it’s true that they have a botnet as massive as they claim, we can expect more attacks and more collateral damage in the coming weeks.
“Done pushing update,” BestBuy told me, referring to a new version of Mirai or Annie. “Hope to god nothing goes batshit.”