2:50pm, 29 Mar 2018
TLP Rating: White
MikroTik RouterOS vulnerability
CERT NZ has been informed of an active attack targeting MikroTik RouterOS devices.
Attackers are identifying these devices by scanning for public IP addresses running specific RouterOS ports and using older versions of the operating system. Once the vulnerability is exploited, malware is downloaded to the compromised devices. The device is then being used to scan for other IP addresses and spread.
CERT NZ is aware that this attack is active. We strongly recommend investigating and patching any RouterOS devices on your network as soon as possible to prevent them from being compromised.