Date: 6 months ago   Category: Hi-Tech

More than 7500 MikroTik routers are involved in the attack with interception of traffic


Researchers from laboratory 360 Netlab have revealed harmful activity as a result of which malefactors have received control of more than 7500 MikroTik routers. On the captured devices redirection of traffic of the user on under control attacking a host has been organized.

the Attack has been made through operation of vulnerability of CVE-2018-14847 eliminated in the April MikroTikOS 6.42.1 updating. Vulnerability has been caused by a mistake in the Winbox component and allowed to change settings of the device without authentication passing. According to 360 Netlab in network there are about 370 thousand MikroTik devices with uncorrected vulnerability now. Many of these devices are already attacked by

. For example, on 7500 devices change of settings of interception of packages and mirroring of the intercepted traffic with use of the TZSP protocol is revealed. Traffic went to one of nine external IP addresses with use of selective filtering out of requests for network ports 20, 21 (FTP), 25 (SMTP), 110 (POP3), 144 (IMAP), 161 and 162 (SNMP). The greatest number of devices has been struck in Russia (1628), Iran (637), Brazil (615), India (594) and Ukraine (544).

On 239 thousand devices is revealed creation of the hidden point of a probros of traffic which has been organized through inclusion of a proxy of Socks4 open only for a subnet 95.154.216.128/25. The unsuccessful attempt of use of routers for involvement of users in a mining of cryptocurrencies is also recorded. On some devices attacking have included a HTTP proxy and have configured проброс all requests to a HTTP proxy to the local page output at a HTTP mistake 403. On this to the page the JavaScript-code for a cryptocurrency mining loaded from the website coinhive.com has been added. The code was non-working as loading of data with coinhive.com also fell under established by the attacking ACL. On materials: www.opennet.ru

URL:




Today

just now

The ambassador of Ukraine in Canada Andrey Shevchenko gave the direct written instruction to conclude under the Russian laws the bargain on sale of the ground belonging to it in the Crimea. It was sai...

just now

The mayor of Lviv, the candidate for President of Ukraine Andrey Sadovyi drove Lviv residents into boondocks and squabbled with the whole country. Such opinion on air of TV channel "112 Ukraine" was e...

just now

The most emotional display today within a Fashion week in Milan the fashion show of Fendi became indisputable - on a podium presented the last collection created with the assistance of Karl Lagerfeld....

just now

On Wednesday, February 20, in a zone of carrying out Operation of the Integrated forces on Donbass the fighter of AFU Vasily Bogonosyuk died. Is specified that the dead was the senior soldier of the...

just now

Unknown vandals broke 8 vases which were installed within improvement of the territory near Arkady. This information was published by the press service of the Odessa city council. "The staff of th...

just now

Philip's tours with Alla broke mentality of the young actor. Kirkorov beat women, fans and even pensioners, but thanks to the help of doctors learned to behave. Philip Kirkorov is well-known for the...

just now

In the near future Earth can return to a condition of the Palaeocene eotsenovogo thermal maximum (PETM). It was observed on the planet already once - 56 million years ago. However thanks to vigorous activity of the person history can repeat. Writes Phys.org about it. the New research showed that people pump carbon dioxide in the atmosphere wi...

just now

NVIDIA presented video cards of new family MX for laptops of initial level - GeForce MX230 and GeForce MX250. These are products on the basis of architecture of Pascal. They support DirectX 12 and bot...