Date: 8 months ago   Category: Hi-Tech

More than 7500 MikroTik routers involved in a traffic-interception attack


Researchers at 360 Netlab have uncovered malicious activity in which attackers gained control of more than 7500 MikroTik routers. The compromised devices were configured to redirect user traffic to a host controlled by the attackers.

The attack exploited the vulnerability CVE-2018-14847, which was fixed in the April MikroTikOS 6.42.1 update. The vulnerability was caused by a bug in the Winbox component and allowed device settings to be changed without authentication. According to 360 Netlab, about 370 thousand MikroTik devices with the unpatched vulnerability are currently online. Many of these devices have already been attacked. For example, on 7500 devices the packet-capture settings were changed so that intercepted traffic is mirrored using the TZSP protocol. The traffic was sent to one of nine external IP addresses, with selective filtering of requests for network ports 20, 21 (FTP), 25 (SMTP), 110 (POP3), 144 (IMAP), 161 and 162 (SNMP). The largest numbers of affected devices were in Russia (1628), Iran (637), Brazil (615), India (594) and Ukraine (544).

On 239 thousand devices, a hidden traffic-forwarding point was found, set up by enabling a Socks4 proxy open only to the subnet 95.154.216.128/25. An unsuccessful attempt to use the routers to draw users into cryptocurrency mining was also recorded. On some devices the attackers enabled an HTTP proxy and configured forwarding of all requests to the HTTP proxy to a local page that is displayed on HTTP error 403. JavaScript code for cryptocurrency mining, loaded from the website coinhive.com, was added to this page. The code did not work, because loading data from coinhive.com was also blocked by the ACL the attackers had set.

Source: www.opennet.ru
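The following Python script checks the text of a RouterOS `/export` for the settings the article reports on hijacked devices: sniffer streaming, an enabled SOCKS proxy with an access list, and an enabled HTTP proxy. It is an added example, not code from the article or from 360 Netlab. The sample export, the address 192.0.2.10, the port values and the function names are constructed, and it assumes the usual export layout of a menu path line followed by `set`/`add` lines.

```python
import re
import shlex

# Constructed sample of RouterOS "/export" output (not from a real device).
SAMPLE_EXPORT = r"""
# constructed sample export
/ip proxy
set enabled=yes port=8080
/ip socks
set enabled=yes port=1080
/ip socks access
add action=allow src-address=95.154.216.128/25
/tool sniffer
set filter-port=20,21,25,110,144,161,162 streaming-enabled=yes \
    streaming-server=192.0.2.10
"""

def parse_export(text):
    """Yield (menu_path, verb, params) for each command in an export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join backslash-continued lines
    path = ""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):  # menu path line, e.g. "/ip socks access"
            path = line
            continue
        verb, *args = shlex.split(line)
        yield path, verb, dict(a.split("=", 1) for a in args if "=" in a)

def audit_export(text):
    """Return findings for the settings the article reports on hijacked routers."""
    findings = []
    for path, verb, p in parse_export(text):
        if path == "/tool sniffer" and p.get("streaming-enabled") == "yes":
            findings.append(f"sniffer streams (TZSP) to {p.get('streaming-server', '?')}")
        elif path == "/ip socks" and p.get("enabled") == "yes":
            findings.append(f"SOCKS proxy enabled on port {p.get('port', 'default')}")
        elif path == "/ip socks access" and verb == "add" and "src-address" in p:
            findings.append(f"SOCKS access rule for {p['src-address']}")
        elif path == "/ip proxy" and p.get("enabled") == "yes":
            findings.append("HTTP proxy enabled")
    return findings

if __name__ == "__main__":
    for finding in audit_export(SAMPLE_EXPORT):
        print("REVIEW:", finding)
```

Each finding is a prompt for review, since any of these features can also be enabled legitimately by the device's administrator.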
