4th September, 2018 By Ionut Ilascu
Attackers compromising MikroTik routers have configured the devices to forward network traffic to a handful of IP addresses under their control.
Cybercriminals gained access to the devices by exploiting CVE-2018-14847, a vulnerability that has been patched since April.
The bug is in Winbox management component and allows a remote attacker to bypass authentication and read arbitrary files. Exploit code is freely available from at least three sources from at least three sources (1, 2, 3).
Starting the middle of July, security researchers from Qihoo 360 Netlab noticed on their honeypot system malicious activity aimed at MikroTik routers.
Full Article.
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.