[GTER] FYI: 7,500+ MikroTik Routers Are Forwarding Owners’ Traffic to the Attackers, How is Yours?

Henrique de Moraes Holschuh hmh at hmh.eng.br
Tue Sep 4 14:18:22 -03 2018

Article relevant to the Brazilian Internet:


"Since Mid-July, our Anglerfish Honeypot System has been picking up
malware exploiting the above MikroTik CVE-2018-14847 vulnerability to
perform various malicious activities. Some of the activity has been
spotted by other security researchers such as CoinHive mining code

What’s more, we have observed a massive number of victims having their
Socks4 proxy enabled on the device by one single malicious actor.

More interestingly, we also discovered that more than 7,500+ victims are
being actively eavesdropped, with their traffic being forwarded to IPs
controlled by unknown attackers."

Read the article for more details.  Brazil is the *most* affected.

  Henrique Holschuh
