* Infections hit some 900,000 of 20 mln Telekom customers
* German government says its networks also targeted
* Routers in Brazil, Ireland, UK also infected, experts say (Adds comment from Brazilian National Computer EmergencyResponse Team)
By Eric Auchard
FRANKFURT, Nov 29 (Reuters) - A cyber attack that infectednearly 1 million routers used to access Deutsche Telekom internet service was part of a campaign targetingweb-connected devices around the globe, the German governmentand security researchers said on Tuesday.
The revelation from the German Office for InformationSecurity, or BSI, stoked fears of an increase in cyber attacksthat disrupt internet service by exploiting commonvulnerabilities in widely used routers, webcams, digital videorecorders and other web-connected devices.
Security researchers said the infections spread to countriesincluding Brazil, Britain and Ireland using a technique similarto one that stopped millions of people in the United States andEurope from reaching websites including PayPal Holdings Inc, Twitter Inc and Spotify on Oct. 21.
"It was a global attack against all kinds of devices," saidDirk Backofen, a senior Deutsche Telekom security executive.
The BSI said that German government networks were alsotargeted in Sunday's attack on Deutsche Telekom customers,though authorities said they succeeded in keeping systemsonline.
Deutsche Telekom, Germany's largest telecom company, saidinternet outages hit as many as 900,000 of its users, or about4.5 percent of its fixed-line customers.
Deutsche Telekom and the German government did not identifyother victims, though cyber security firm Rapid7 Inc said it observed the attackers trying to infect routers acrossthe globe.
Irish telecom operator Eir and Vodafone Group Plc inBritain use routers that were vulnerable to same kind of attack,said Rapid7 security research manager Tod Beardsley.
Flashpoint, a second U.S. cyber security research firm, saidit routers were infected in Brazil, Britain and Germany.
Eir said in a statement it was aware of potentialvulnerabilities in broadband modems from Taiwan's ZyXelCommunications Corp used by about 30 percent of Eir customers.
"We have deployed of a number of solutions both at thedevice and network level which will remove this risk," Eir said.It reported the incident to Irish regulators.
Vodafone declined to comment on whether it customers hadbeen infected, but said it was aware of a vulnerability inrouters that enables attackers to mount denial-of-serviceattacks.
The Brazilian National Computer Emergency Response Team toldReuters it was analysing the impact of the attack on Brazil, butdeclined to say how many computers had been infected.
MIRAI BOTNET
The attacks were launched with software known as Mirai thatseeks out vulnerable connected devices, then turns them intoremotely controlled "bots" for mounting large-scale attacks thatdisrupt access to websites and computer systems.
Deutsche Telekom executives apologised for the outages,saying the company had provided details about the attack toother network operators and security agencies.
Security experts said the problem affected Deutsche Telekomcustomers using three types of routers manufactured by Taiwan'sArcadyan Technology, which created a software patchthat was pushed out to users on Monday.
Arcadyan did not reply to Reuters' requests for comment.
Security experts said attributing blame for the attacks mayprove impossible because the Mirai software had been released onthe internet. It is relatively easy to use, which means hackerswith relatively few technical skills could be to blame forfollow-on attacks, they said. (Additional reporting by Jim Finkle in Boston, Harro Ten Wolde,Ilona Wissenbach and Peter Maushagen in Frankfurt and CarolineCopley, Andreas Rinke and Sabine Siebold in Berlin; Editing MarkPotter, Ruth Pitchford and Lisa Shumaker)