Skip to main content

Mikrotik routers pwned en masse, send network data to mysterious box

posted onSeptember 4, 2018
by l33tdawg
The Register
Credit: The Register

More than 7,500 Mikrotik routers have been compromised with malware that logs and transmits network traffic data to an unknown control server.

This according to researchers from 360 Netlab, who found the routers had all been taken over via an exploit for CVE-2018-14847, a vulnerability first disclosed in the Vault7 data dump of supposed CIA hacking tools.

Since mid-July, Netlab says, attackers have been looking to exploit the flaw and enlist routers to do things like force connected machines to mine cryptocurrency, and, in this case, forward their details on traffic packets to a remote server. “At present, a total of 7,500 MikroTik RouterOS device IPs have been compromised by the attacker and their TZSP traffic is being forwarded to some collecting IP addresses,” the researchers explain.

Source

Tags

Security

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th