Internet of Things Devices Were Behind Friday’s Huge DDoS Attack

One of XiongMai’s devices – a connected camera shaped like a Minion character from Despicable Me – on show at CES Shanghai

A large-scale DDoS (Distributed Denial of Service) attack on internet infrastructure company Dyn brought many high-profile US sites – including Amazon, Netflix, the Wall Street Journal and Twitter – to a standstill last Friday. Now it has been revealed that the incident was caused by hacked IoT (Internet of Things) devices.

Dark web intelligence firm Flashpoint reported that the attack used the Mirai malware, which works by finding IoT devices – most commonly routers, digital video recorders and security cameras – that are protected only by standard factory-default passwords and turning them into a botnet that can fire huge amounts of traffic at a single target.

The primary source of the hacked devices appears to be XiongMai Technologies, a Chinese manufacturer which sells on its components to a variety of tech vendors.

“It’s remarkable that virtually an entire company’s product line has just been turned into a botnet that is now attacking the US,” Flashpoint director of research Allison Nixon told Krebs on Security, a blog which itself suffered a Mirai attack last month.

It seems highly unlikely that this will be the last attack we see using Mirai, given that its source code was made publicly available by its developer at the end of last month and that, according to Flashpoint, the hard-coded passwords on XiongMai’s products cannot feasibly be changed by users, meaning the only solution is to disconnect the devices entirely.

“What can we do about this? Nothing, really,” wrote cybersecurity blogger Bruce Schneier. “We don’t know where the attacks come from. The data I see suggests China, an assessment shared by the people I spoke with. On the other hand, it’s possible to disguise the country of origin for these sorts of attacks. The NSA, which has more surveillance in the Internet backbone than everyone else combined, probably has a better idea, but unless the US decides to make an international incident over this, we won’t see any attribution.

“But this is happening. And people should know.”
