https://www.bleepingcomputer.com/news/security/cyber-espionage-group-infects-victims-through-microtik-routers/ Make sure you are all using winbox 3.12 or higher. This was fixed last year (v6.38.4?) But only now does the detailed info on this exploit become more fully published.