The concern is that this new botnet will be leveraged to launch DDoS attacks. Radware is witnessing the spreading mechanism going beyond port 8291 into others and rapidly infecting other devices other than MikroTik (such as AirOS/Ubiquiti). It is believed this botnet is part of the Hajime botnet. Radware’s Emergency Response Team (ERT) has spotted an increase in malicious activity following Kaspersky’s publication about the Slingshot APT malware that infected Mikrotik routers. Such devices have been making unaccounted outbound winbox connections. MikroTik, a Latvian hardware manufacturer, products are used around the world and are now a target of a new propagating botnet exploiting vulnerabilities in their RouterOS operating system, allowing attackers to remotely execute code on the device. Download a Copy Now AbstractĪ newly discovered botnet targets TCP port 8291 and vulnerable Mikrotik RouterOS-based devices. A newly discovered botnet targets TCP port 8291 and vulnerable Mikrotik RouterOS-based devices.
0 Comments
Leave a Reply. |