
MikroTik Devices Used in Large Botnet Attack

January 16, 2025

A newly discovered botnet of roughly 13,000 compromised MikroTik devices is abusing misconfigured Domain Name System (DNS) records to bypass email security controls and deliver malware. The campaign does not exploit a flaw in the Sender Policy Framework (SPF) itself; it abuses SPF records that have been published incorrectly. Around 20,000 web domains carry SPF records that end in the overly permissive "+all" mechanism, which tells a receiving mail server that any host on the Internet is authorised to send mail for the domain. The botnet can therefore spoof those domains, pass SPF checks, and deliver malicious content that looks legitimately sourced.
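As an added example (not code from the Infoblox report or this article), the following Python checks SPF records for the permissive "+all" ending described above and shows the corrected record. The domains and TXT records are constructed for illustration. One caveat the check covers: a bare "all" with no qualifier is equivalent to "+all" under RFC 7208, so both spellings are flagged.

```python
"""Flag SPF records that authorise any host to send mail for a domain.

Added example (not code from the Infoblox report or this article).
Domains and records below are constructed for illustration.
"""
import re

# Constructed sample TXT records, keyed by an invented domain name.
SAMPLE_RECORDS = {
    "good.example": "v=spf1 ip4:203.0.113.0/24 include:_spf.example.net -all",
    "softfail.example": "v=spf1 mx ~all",
    "open-plus-all.example": "v=spf1 include:_spf.example.net +all",
    "open-bare-all.example": "v=spf1 all",          # no qualifier: defaults to '+'
    "no-all.example": "v=spf1 ip4:198.51.100.10",   # no 'all' term: implicit neutral
}

# optional qualifier, mechanism name, optional ':' or '/' argument
_MECHANISM = re.compile(r"^([+\-~?]?)([a-z0-9]+)(?:[:/](.*))?$", re.IGNORECASE)
# modifiers such as redirect=... and exp=... (and the v=spf1 tag) are name=value pairs
_MODIFIER = re.compile(r"^[a-z0-9]+=", re.IGNORECASE)


def split_term(term):
    """Return (qualifier, mechanism, argument), or None for a modifier.

    A missing qualifier means '+' (pass), per RFC 7208 section 4.6.2; that
    default is what makes a bare 'all' exactly as dangerous as '+all'.
    """
    if _MODIFIER.match(term):
        return None
    m = _MECHANISM.match(term)
    if not m:
        raise ValueError("unparseable SPF term: %r" % term)
    qualifier, mech, arg = m.groups()
    return (qualifier or "+", mech.lower(), arg)


def parse_spf(record):
    """Split a v=spf1 record into its mechanism tuples (modifiers dropped)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    return [t for t in (split_term(x) for x in terms[1:]) if t is not None]


def assess(record):
    """Classify how the record treats senders it does not list.

    'open' (+all) means any host passes SPF; 'softfail' (~all), 'fail' (-all)
    and 'neutral' (?all) are the other qualifiers; 'missing' means there is no
    'all' term, which SPF also treats as neutral. Evaluation stops at the
    first 'all', so anything after it is irrelevant.
    """
    for qualifier, mech, _ in parse_spf(record):
        if mech == "all":
            return {"+": "open", "~": "softfail", "-": "fail", "?": "neutral"}[qualifier]
    return "missing"


def find_spoofable(records):
    """Domains whose SPF record lets any host send as them."""
    return sorted(d for d, r in records.items() if assess(r) == "open")


def harden(record):
    """Rewrite an open 'all' term to '-all'; every other term is left as published."""
    fixed = []
    for term in record.split():
        parsed = split_term(term)
        if parsed and parsed[1] == "all" and parsed[0] == "+":
            fixed.append("-all")
        else:
            fixed.append(term)
    return " ".join(fixed)


if __name__ == "__main__":
    for domain in find_spoofable(SAMPLE_RECORDS):
        print("%-24s %-42s -> %s" % (domain, SAMPLE_RECORDS[domain], harden(SAMPLE_RECORDS[domain])))
```

To run this against domains you operate, fetch each TXT record with a resolver library (dnspython's `dns.resolver.resolve(domain, "TXT")` is one option; the choice of library is an assumption about your tooling) and pass every string that starts with v=spf1 to assess(). A record ending in ~all is not spoof-proof either; it only asks the receiver to treat unlisted senders with suspicion, which is why -all is the end state to aim for once every legitimate sender is listed.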

The botnet was discovered by DNS security company Infoblox, which tracked the malspam campaign while it was active in late November 2024. Some of the fraudulent emails impersonated well-known companies such as DHL Express, tricking recipients into opening attachments that appeared to be freight invoices. Each attachment was a ZIP archive containing a JavaScript file; when the recipient ran it, the script launched a PowerShell script, which in turn connected to a command-and-control (C2) server operated by the attacker. The C2 domain had previously been linked to Russian cybercriminal groups.
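The delivery chain above (ZIP attachment, JavaScript dropper, PowerShell stage, C2 call-out) leaves a recognisable trace in endpoint process-creation telemetry. The following Python is an added example, not detection content from Infoblox or this article: it scans constructed, Sysmon-style process-creation events exported as JSON lines for a Windows script host spawning PowerShell with evasive arguments from a temporary folder. The field names, hostnames, paths and the sample events are assumptions made for illustration.

```python
"""Detect the JS-dropper -> PowerShell stage of the malspam chain in process logs.

Added example, not from the Infoblox report or this article. The events are
constructed to resemble Sysmon EventID 1 (process creation) exported as JSON
lines; the field names are an assumption about the telemetry pipeline.
"""
import json
import ntpath
import re

# Windows script hosts that run a .js/.vbs attachment, and the shells they spawn.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}

# Arguments typical of a second-stage loader: hidden window, policy bypass,
# encoded command, or an in-memory download.
SUSPICIOUS_ARGS = re.compile(
    r"-w(?:indowstyle)?\s+hidden|-e(?:nc|ncodedcommand)?\s|bypass|"
    r"downloadstring|invoke-webrequest|\biwr\b|invoke-expression|\biex\b",
    re.IGNORECASE,
)
# A script launched from a Temp or Downloads folder, where a ZIP gets extracted.
UNTRUSTED_DIR = re.compile(r"\\(?:temp|downloads)\\", re.IGNORECASE)

# Constructed sample telemetry: three benign events and one malicious chain.
# The -enc payload is the UTF-16LE encoding of "IEX(" and stands in for a real loader.
SAMPLE_EVENTS = [
    {"ts": "2024-11-26T09:12:51Z", "host": "ws-017",
     "parent_image": r"C:\Windows\explorer.exe", "parent_command_line": "explorer.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": "chrome.exe --profile-directory=Default"},
    {"ts": "2024-11-26T09:13:40Z", "host": "ws-017",
     "parent_image": r"C:\Windows\System32\cmd.exe", "parent_command_line": "cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe Get-ChildItem C:\Logs"},
    {"ts": "2024-11-26T09:14:03Z", "host": "ws-017",
     "parent_image": r"C:\Windows\System32\wscript.exe",
     "parent_command_line": r'wscript.exe "C:\Users\alice\AppData\Local\Temp\Temp1_DHL_Invoice.zip\DHL_Invoice_48211.js"',
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -w hidden -nop -ep bypass -enc SQBFAFgAKAA="},
    {"ts": "2024-11-26T09:15:22Z", "host": "ws-017",
     "parent_image": r"C:\Windows\System32\svchost.exe", "parent_command_line": "svchost.exe -k netsvcs",
     "image": r"C:\Windows\System32\wscript.exe",
     "command_line": r"wscript.exe C:\Windows\System32\GroupPolicy\logon.vbs"},
]
SAMPLE_LINES = [json.dumps(e) for e in SAMPLE_EVENTS]  # what a log shipper would emit


def classify(event):
    """Return the reasons an event looks like the JS -> PowerShell stage (empty if none)."""
    parent = ntpath.basename(event.get("parent_image", "")).lower()
    image = ntpath.basename(event.get("image", "")).lower()
    cmd = event.get("command_line", "")
    reasons = []
    if image in SHELLS and parent in SCRIPT_HOSTS:
        reasons.append("script host spawned PowerShell")
    if image in SHELLS and SUSPICIOUS_ARGS.search(cmd):
        reasons.append("PowerShell launched with evasive or download arguments")
    if parent in SCRIPT_HOSTS and UNTRUSTED_DIR.search(event.get("parent_command_line", "")):
        reasons.append("dropper script ran from a Temp or Downloads folder")
    return reasons


def scan(lines):
    """Return (ts, host, reasons) for every JSON event line that trips a rule."""
    hits = []
    for line in lines:
        event = json.loads(line)
        reasons = classify(event)
        if reasons:
            hits.append((event["ts"], event["host"], reasons))
    return hits


if __name__ == "__main__":
    for ts, host, reasons in scan(SAMPLE_LINES):
        print(ts, host, "; ".join(reasons))
```

The rules are kept separate on purpose: a script host spawning PowerShell on its own fires on some legitimate logon scripts, so an event that trips all three reasons deserves immediate triage while single-reason hits can be tuned by parent path. The C2 connection that follows is a network-side detection and is out of scope here.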

Infoblox researchers found that the operation was much larger than initially thought: approximately 13,000 hijacked MikroTik devices form a sprawling network used to send phishing emails, exfiltrate data, and mask the origin of malicious traffic. By configuring the routers as SOCKS4 proxies, the attacker turns each device into a relay that hides the true source of a connection, which lets the botnet launch distributed denial-of-service (DDoS) attacks, deliver phishing emails, and distribute malware at scale. Because each proxy relays arbitrary TCP traffic, the attacker can route operations through thousands of compromised devices rather than through infrastructure traceable to them, significantly increasing the impact of the campaign.
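Added example (not Infoblox's tooling or anything from the article): the SOCKS4 handshake a botnet operator relies on, written so that an owner can confirm whether a router of their own answers as an open proxy. The request builder and reply parser run offline on constructed bytes; probe_socks4 performs the live check and is an assumption about how you would use it against a device you control. Port 1080 is RouterOS's default SOCKS port, and the 198.51.100.0/24 target address is a documentation range.

```python
"""Build and parse SOCKS4 CONNECT messages to test for an open proxy.

Added example, not code from Infoblox or this article. Only point
probe_socks4 at devices you own: a 'granted' reply means the router relayed
a connection on your behalf, which is exactly what the botnet abuses.
"""
import socket
import struct

SOCKS4_VERSION = 0x04
CMD_CONNECT = 0x01
# Reply codes from the SOCKS4 specification (VN is always 0 in replies).
REPLY_CODES = {
    0x5A: "granted",
    0x5B: "rejected or failed",
    0x5C: "rejected: identd unreachable",
    0x5D: "rejected: identd mismatch",
}


def build_connect_request(dst_ip, dst_port, userid=b""):
    """SOCKS4 CONNECT: VN | CD | DSTPORT (2 bytes, big-endian) | DSTIP (4) | USERID | NUL."""
    header = struct.pack("!BBH4s", SOCKS4_VERSION, CMD_CONNECT, dst_port, socket.inet_aton(dst_ip))
    return header + userid + b"\x00"


def parse_reply(data):
    """Parse the 8-byte SOCKS4 reply into (status_text, dst_port, dst_ip)."""
    if len(data) < 8:
        raise ValueError("short SOCKS4 reply (%d bytes)" % len(data))
    vn, cd, port, ip = struct.unpack("!BBH4s", data[:8])
    if vn != 0:
        raise ValueError("not a SOCKS4 reply (VN=%d)" % vn)
    return REPLY_CODES.get(cd, "unknown code 0x%02x" % cd), port, socket.inet_ntoa(ip)


def is_open_proxy(reply):
    """True when the proxy agreed to relay the connection."""
    return parse_reply(reply)[0] == "granted"


def probe_socks4(proxy_host, proxy_port=1080, dst_ip="198.51.100.7", dst_port=25, timeout=5.0):
    """Ask a (self-owned) router to relay to dst_ip:dst_port; returns the status text.

    dst_port 25 mirrors the spam use case: an open relay to SMTP is what lets
    the botnet send phishing mail from the router's address.
    """
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(build_connect_request(dst_ip, dst_port))
        reply = s.recv(8)
    return parse_reply(reply)[0]


if __name__ == "__main__":
    # Constructed reply bytes, as an exposed router would answer a CONNECT to 198.51.100.7:25.
    granted = b"\x00\x5a\x00\x19\xc6\x33\x64\x07"
    print(build_connect_request("198.51.100.7", 25).hex(), parse_reply(granted))
```

A "rejected" reply does not prove the service is closed (the target may simply be unreachable from the router), but "granted" on a WAN-facing port is the exposure this article describes. On the device itself, `/ip socks print` in the RouterOS CLI shows whether the SOCKS server is enabled and on which port.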

Despite warnings to MikroTik device owners to update their firmware and patch known vulnerabilities, many devices remain exposed because patching is slow. The botnet illustrates the danger posed by unsecured, outdated network equipment. Infoblox advises MikroTik users to apply the latest firmware updates, change default administrator credentials, and restrict remote access to management interfaces unless it is strictly necessary. Since the attacker's change is to enable a SOCKS4 proxy, owners should also confirm that the SOCKS service is not running on any device they did not configure that way. The misuse of MikroTik devices underlines the importance of robust security practices and timely software updates in defending against botnet-driven attacks.

Reference:
  • MikroTik Botnet Exploits DNS Flaws to Spread Malware Across 20000 Domains
Tags: Cyber Alerts, Cyber Alerts 2025, Cyberattack, Cybersecurity, January 2025
    © 2025 | CyberMaterial | All rights reserved