MikroTik Devices Used in Large Botnet Attack

January 16, 2025
in Alerts

A newly discovered botnet of roughly 13,000 compromised MikroTik devices is abusing misconfigured Domain Name System (DNS) records to slip past email authentication and deliver malware. The weakness is not in the Sender Policy Framework (SPF) itself but in how about 20,000 domains publish it: their SPF TXT records end in the overly permissive "+all" mechanism, which tells receiving mail servers that any host on the internet is an authorised sender for the domain. Mail the botnet sends as those domains therefore passes SPF checks, so spoofed messages carrying malicious content reach inboxes.
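The following audit script is an added example for this article, not code from Infoblox or MikroTik. It parses SPF TXT strings the way a receiving mail server does (RFC 7208: a missing qualifier means "+", evaluation stops at the first matching mechanism), flags the "+all" and bare "all" records described above, and proposes a hard-fail replacement. The domains and records in SAMPLE_RECORDS are constructed for illustration and describe no real domain.

```python
"""Audit SPF records for the "+all" misconfiguration the botnet abuses.

Added example for this article; it is not Infoblox's or MikroTik's code.
The records in SAMPLE_RECORDS are constructed for illustration and do not
describe any real domain. Parsing follows RFC 7208: a missing qualifier
means "+" (pass), and evaluation stops at the first matching mechanism,
so anything after "all" is never reached.
"""
import re

# Qualifier prefixes an SPF mechanism may carry and the result each yields.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(txt):
    """Split an SPF TXT string into (qualifier, name, argument) tuples.

    Returns None if the string is not an SPF record. Modifiers such as
    redirect= and exp= are returned with qualifier None so callers can
    tell them apart from mechanisms.
    """
    terms = txt.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    parsed = []
    for term in terms[1:]:
        if "=" in term:  # modifier, e.g. redirect=_spf.example.net
            name, _, value = term.partition("=")
            parsed.append((None, name.lower(), value))
            continue
        qual = "+"  # RFC 7208 s.4.6.2: an omitted qualifier defaults to "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        m = re.match(r"([A-Za-z0-9]+)(.*)$", term)
        if not m:
            continue  # malformed term; a full validator would reject the record
        parsed.append((qual, m.group(1).lower(), m.group(2)))
    return parsed


def spf_verdict(txt):
    """Return what a sender matching none of the explicit mechanisms gets.

    "open" is the dangerous case: "+all" or a bare "all" tells receivers
    that every host on the internet may send mail for the domain.
    """
    terms = parse_spf(txt)
    if terms is None:
        return "not-spf"
    for qual, name, _ in terms:
        if qual is not None and name == "all":
            return "open" if qual == "+" else QUALIFIERS[qual]
    # redirect= is consulted only when no mechanism (including all) matched.
    if any(qual is None and name == "redirect" for qual, name, _ in terms):
        return "redirect"
    return "neutral"  # no "all" and no redirect: the default result is neutral


def suggest_fix(txt):
    """Rewrite an open record to hard-fail, keeping the senders listed before "all"."""
    kept = []
    for term in txt.split()[1:]:
        if term.lstrip("+-~?").lower() == "all":
            break  # drop the catch-all and anything after it (already unreachable)
        kept.append(term)
    return " ".join(["v=spf1", *kept, "-all"])


def audit(records):
    """Map each domain to its verdict and, for open records, a corrected record."""
    findings = {}
    for domain, txt in records.items():
        verdict = spf_verdict(txt)
        findings[domain] = (verdict, suggest_fix(txt) if verdict == "open" else None)
    return findings


# Constructed records: one permissive "+all", one bare "all", and sane alternatives.
SAMPLE_RECORDS = {
    "open.example": "v=spf1 include:_spf.mailhost.example +all",
    "bare-all.example": "v=spf1 ip4:192.0.2.0/24 all",
    "strict.example": "v=spf1 ip4:192.0.2.0/24 mx -all",
    "soft.example": "v=spf1 include:_spf.mailhost.example ~all",
    "delegated.example": "v=spf1 redirect=_spf.other.example",
    "no-spf.example": "google-site-verification=abc123",
}

if __name__ == "__main__":
    for domain, (verdict, fix) in audit(SAMPLE_RECORDS).items():
        line = f"{domain:20} {verdict}"
        print(line + (f"  -> suggest: {fix}" if fix else ""))
```

To run it against your own domains, feed the output of `dig +short TXT example.com` (with the surrounding quotes stripped) into `spf_verdict`. Treat the suggested "-all" record as a starting point: it will cause receivers to reject mail from any legitimate sender that is not listed, so inventory your mail sources first, or publish "~all" during the transition and monitor DMARC reports before tightening.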

The botnet was discovered by DNS security company Infoblox, which tracked a malspam campaign active in late November 2024. Some of the fraudulent emails impersonated well-known companies such as DHL Express and lured recipients into opening attachments disguised as freight invoices. Each attachment was a ZIP archive containing a JavaScript file; when the recipient opened it, the script launched a PowerShell script that connected to a command-and-control (C2) server run by the attacker. The C2 domain had previously been linked to Russian cybercriminal groups.
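The delivery chain above (ZIP, JavaScript, PowerShell, C2) leaves one observable that is easy to hunt for: on Windows, a .js file opened from Explorer runs under the Windows Script Host (wscript.exe), so the PowerShell stage appears as powershell.exe whose parent process is a script host. The detector below is an added example for this article, not code from the Infoblox report. The events it runs over are constructed, Sysmon-style process-creation records; the field names, host names, user names and the invoice file name are assumptions of this example.

```python
"""Flag the JavaScript-to-PowerShell hand-off used to deliver the payload.

Added example for this article; it is not code from the Infoblox report.
The events are constructed, Sysmon-style process-creation records (the
field names are an assumption of this example). On Windows a .js file
opened from a ZIP runs under wscript.exe, so a script host spawning
powershell.exe is the observable stage of the chain described above.
"""
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
# Argument fragments typical of a downloader/launcher stage.
DOWNLOADER_ARGS = re.compile(
    r"(-enc(odedcommand)?\b|-w(indowstyle)?\s+hidden|-ep\s+bypass|"
    r"executionpolicy\s+bypass|downloadstring|downloadfile|\biex\b|"
    r"invoke-expression|frombase64string)",
    re.IGNORECASE,
)
# Folders a mail attachment is typically extracted to or run from.
USER_WRITABLE = re.compile(r"\\(Temp|Downloads|INetCache|AppData)\\", re.IGNORECASE)


def _basename(path):
    """Lower-cased file name of a Windows (or forward-slash) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_script_host_chain(events):
    """Return one alert per event in which a script host spawned PowerShell.

    Score 1 for the parent/child pair alone, +1 if the parent ran a .js file
    from a user-writable folder, +1 if the PowerShell arguments look like a
    downloader. A script host launching PowerShell is rare in most fleets,
    so even a score of 1 deserves a look.
    """
    alerts = []
    for ev in events:
        parent = _basename(ev["parent_image"])
        child = _basename(ev["image"])
        if parent not in SCRIPT_HOSTS or child not in SHELLS:
            continue
        score, reasons = 1, [f"{parent} spawned {child}"]
        pcl = ev.get("parent_command_line", "")
        if re.search(r"\.js\b", pcl, re.IGNORECASE) and USER_WRITABLE.search(pcl):
            score += 1
            reasons.append("parent executed a .js file from a user-writable path")
        if DOWNLOADER_ARGS.search(ev.get("command_line", "")):
            score += 1
            reasons.append("PowerShell arguments match a downloader pattern")
        alerts.append({"host": ev["host"], "user": ev["user"],
                       "score": score, "reasons": reasons})
    return alerts


# Constructed sample events: a benign admin script, the .js launch itself
# (not alerted on its own), and the PowerShell stage it spawns.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "alice",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -File C:\Scripts\inventory.ps1",
     "parent_image": r"C:\Windows\explorer.exe",
     "parent_command_line": r"C:\Windows\explorer.exe"},
    {"host": "ws02", "user": "bob",
     "image": r"C:\Windows\System32\wscript.exe",
     "command_line": r"wscript.exe C:\Users\bob\Downloads\DHL_Invoice_4471\Invoice.js",
     "parent_image": r"C:\Windows\explorer.exe",
     "parent_command_line": r"C:\Windows\explorer.exe"},
    {"host": "ws02", "user": "bob",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -nop -w hidden -enc QQBBAEEAQQA=",
     "parent_image": r"C:\Windows\System32\wscript.exe",
     "parent_command_line": r"wscript.exe C:\Users\bob\Downloads\DHL_Invoice_4471\Invoice.js"},
]

if __name__ == "__main__":
    for alert in detect_script_host_chain(SAMPLE_EVENTS):
        print(alert)
```

In practice the same parent/child rule is written once in the SIEM or EDR query language and the command-line heuristics are tuned to the environment; the point of scoring rather than matching a single string is that the first-stage script changes from campaign to campaign while the script-host-to-PowerShell relationship does not.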

Infoblox researchers found the operation to be much larger than the spam campaign alone suggested: about 13,000 hijacked MikroTik devices form a sprawling network used to send phishing emails, exfiltrate data and mask the origin of malicious traffic. The attacker configured the routers as SOCKS4 proxies, so malicious connections can be relayed through them and appear to originate from the routers rather than from the attacker's own infrastructure. Routing traffic through the proxies lets the operator launch distributed denial-of-service (DDoS) attacks, deliver phishing emails and distribute malware at a scale the compromised devices alone would not provide, and significantly increases the impact of the operation.

Despite repeated warnings to MikroTik owners to update firmware and patch known vulnerabilities, many devices remain exposed because patching is slow. The botnet illustrates the danger posed by unsecured, outdated networking equipment. Infoblox advises MikroTik users to apply the latest firmware, change default administrator credentials, and restrict remote access to the management interfaces unless it is strictly necessary. The misuse of MikroTik devices underscores the value of basic hardening and timely updates in defending against botnet-driven attacks.

Reference:
  • MikroTik Botnet Exploits DNS Flaws to Spread Malware Across 20000 Domains
Tags: Cyber Alerts, Cyber Alerts 2025, Cyberattack, Cybersecurity, January 2025
    © 2025 | CyberMaterial | All rights reserved