
MikroTik Routers Being Hijacked to Intercept Traffic



Security researchers from Qihoo 360 Netlab have discovered that 7500 MikroTik routers have been compromised utilizing a malicious Socks4 proxy. They also discovered a huge cryptojacking campaign targeting MikroTik routers and injecting Coinhive scripts into web traffic. This was found to have started in Brazil, where over 200,00 devices were compromised.


“What’s more, we have observed a huge number of victims having their Socks4 proxy enabled on the device by one single malicious actor,” reads the review published by Qihoo 360 Netlab. “More interestingly, we also discovered that more than 7,500+ victims are being actively eavesdropped, with their traffic being forwarded to IPs controlled by unknown attackers.”


The attacker or attackers have been utilizing a vulnerability designated CVE-2018-14847 since about mid-July to perform the attacks. This flaw was first discovered within the CIA Vault-7 data dump, which contains the code for exploitation of the flaw. They utilized this flaw using a tool called Chimay-Red. The tool itself uses two exploits, the Winbox any-directory file read and the Webfig remote code execution vulnerability, which target ports TCP/8291, 80, and 8080.
   

Qihoo researchers performed a scan of over 5000 devices; 1200 of those were MikroTik routers, and over 30% of them are still vulnerable to CVE-2018-14847. There are still 1.2 million that are vulnerable, and the majority of these are located in Brazil and Russia. The vulnerability allows attackers to hijack traffic and insert malicious scripts.


---Sh7nk-Z0id
01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011
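
For administrators checking their own devices, the following added example (not part of the original post or of Netlab's report) scans a RouterOS `/export` for the settings the post describes: an enabled Socks proxy and Winbox/Webfig services open to any address. The sample export is constructed; the sniffer-streaming check assumes that is how traffic is being forwarded, and treating a missing `/ip service` line as "enabled by default" is also an assumption.

```python
# Constructed sample of a RouterOS "/export" (not taken from a real device).
SAMPLE_EXPORT = """\
/ip service
set telnet disabled=yes
set www address=192.168.88.0/24
/ip socks
set enabled=yes port=4153
/tool sniffer
set streaming-enabled=yes streaming-server=203.0.113.7
"""

MGMT_SERVICES = ("winbox", "www")  # Winbox (TCP/8291) and Webfig (TCP/80)


def parse_export(text):
    """Return {menu path: [dict of key=value pairs, one per 'set' line]}."""
    menus, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            menus.setdefault(current, [])
        elif line.startswith("set ") and current:
            words = line.split()[1:]
            entry = dict(w.split("=", 1) for w in words if "=" in w)
            # A bare first word names the item, e.g. "set winbox ..."
            if words and "=" not in words[0]:
                entry["_name"] = words[0]
            menus[current].append(entry)
    return menus


def audit_export(text):
    """List settings in the export that match what the post describes."""
    menus, findings = parse_export(text), []
    if any(e.get("enabled") == "yes" for e in menus.get("/ip socks", [])):
        findings.append("socks proxy enabled")
    services = {e.get("_name"): e for e in menus.get("/ip service", [])}
    for name in MGMT_SERVICES:
        svc = services.get(name, {})  # absent line = defaults (assumed enabled)
        if svc.get("disabled") != "yes" and not svc.get("address"):
            findings.append(f"{name} reachable from any address")
    for e in menus.get("/tool sniffer", []):  # assumed forwarding mechanism
        if e.get("streaming-enabled") == "yes":
            findings.append(f"sniffer streaming to {e.get('streaming-server')}")
    return findings
```

An empty result only means none of these three settings appear in the export; firewall rules that may already restrict access to the services are not evaluated.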
