Netlab 360 has disclosed a widespread exploitation campaign against MikroTik routers around the world. The exploit, which utilizes the CIA’s Vault 7 tool, has been used to take over 7,500+ MikroTik routers. The attackers have configured the routers to send them a copy of certain traffic going through the router, mostly unencrypted protocols.
Netlab estimates over 370,000 MikroTik routers around the world are vulnerable to this same exploit, meaning this campaign may continue to grow.
MikroTik has already released patches for the vulnerability being exploited, so the firmware on any router, not just MikroTiks, should be updated as soon as reasonably possible.
This attack is also mitigated by disabling internet-facing management options that aren’t locked down to trusted hosts, which is another best practice for internet-accessible devices.
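
One way to audit for the management exposure described above, as an added example that is not part of the original report: the script reads the `/ip service` section of a RouterOS configuration export and lists management services that are enabled without a trusted-host allow-list. The sample export is constructed, the `set <name> key=value` layout is an assumption about the export format, and the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed sample, laid out like the "/ip service" section of a RouterOS
# verbose export (assumed format); addresses are documentation ranges.
SAMPLE_EXPORT = """\
/ip service
set telnet address="" disabled=yes port=23
set ftp address="" disabled=yes port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=192.0.2.0/24,198.51.100.7/32 disabled=no port=22
set api address="" disabled=no port=8728
set winbox address=192.0.2.0/24 disabled=no port=8291
/ip firewall filter
add action=drop chain=input
"""

def parse_services(export_text):
    """Return {service: {property: value}} from the /ip service section."""
    services, in_section = {}, False
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("/"):              # a new menu path starts a section
            in_section = line == "/ip service"
        elif in_section and line.startswith("set "):
            tokens = shlex.split(line)        # handles quoted values like ""
            services[tokens[1]] = dict(t.split("=", 1) for t in tokens[2:] if "=" in t)
    return services

def is_unrestricted(address_value):
    """True if the allow-list is empty or contains a /0 (any source) entry."""
    entries = [e for e in address_value.split(",") if e]
    if not entries:
        return True
    return any(ipaddress.ip_network(e, strict=False).prefixlen == 0 for e in entries)

def exposed_services(export_text):
    """List (name, port) of enabled services not limited to trusted hosts."""
    findings = []
    for name, props in parse_services(export_text).items():
        if props.get("disabled", "no") == "yes":
            continue
        # A missing address property is treated as unrestricted (conservative).
        if is_unrestricted(props.get("address", "")):
            findings.append((name, int(props.get("port", 0))))
    return sorted(findings)

if __name__ == "__main__":
    for name, port in exposed_services(SAMPLE_EXPORT):
        print(f"{name} (port {port}) is enabled with no trusted-host restriction")
```

The check covers only the per-service allow-list; firewall rules that also limit access to management ports are not evaluated.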