[WARNING] The Mikrotik RouterOS-Based Botnet

Slaters Kustum Machines

A newly discovered botnet targets TCP port 8291 and vulnerable MikroTik RouterOS-based devices. Products from MikroTik, a Latvian hardware manufacturer, are used around the world and are now a target of a new propagating botnet exploiting vulnerabilities in their RouterOS operating system, allowing attackers to remotely execute code on the device. Such devices have been making unaccounted outbound Winbox connections. Radware’s Emergency Response Team (ERT) has spotted an increase in malicious activity following Kaspersky’s publication about the Slingshot APT malware that infected MikroTik routers. It is believed this botnet is part of the Hajime botnet. Radware is witnessing the spreading mechanism going beyond port 8291 into others and rapidly infecting devices other than MikroTik (such as AirOS/Ubiquiti). The concern is that this new botnet will be leveraged to launch DDoS attacks. This is another event demonstrating the struggle for control between various bot-herders.

https://security.radware.com/ddos-threats-attacks/threat-advisories-attack-reports/mikrotik-botnet/
 