Unpatched Routers Being Used To Build Vast Proxy Army, Spy On Networks
Researchers at China’s Netlab 360 have discovered that thousands of routers manufactured by the Latvian company MikroTik have been compromised by malware attacking a vulnerability revealed April. While MikroTik posted a software update for the vulnerability in April, researchers found that more than 370,000 MikroTik devices they identified on the Internet were still vulnerable. The attack comes after a previous wave based on a vulnerability made public by WikiLeaks’ publication of tools from the CIA’s “Vault7” toolkit.
According to a report by Netlab 360’s Genshen Ye, more than 7,500 of them are actively being spied on by attackers, who are actively forwarding full captures of their network traffic to a number of remote servers. Additionally, 239,000 of the devices have been turned into SOCKS 4 proxies accessible from a single, small Internet address block.