Attackers compromising MikroTik routers have configured the devices to forward network traffic to a handful of IP addresses under their control.
Cybercriminals gained access to the devices by exploiting CVE-2018-14847, a vulnerability that has been patched since April.
The bug is in Winbox management component and allows a remote attacker to bypass authentication and read arbitrary files. Exploit code is freely available from at least three sources from at least three sources (1, 2, 3).
Starting the middle of July, security researchers from Qihoo 360 Netlab noticed on their honeypot system malicious activity aimed at MikroTik routers.
Full Article.