Security News MikroTik Patches Zero-Day Flaw Under Attack in Record Time

Faybert

BREAKING — MikroTik has released firmware patches for RouterOS, the operating system that ships with some of its routers. The patches fix a zero-day vulnerability exploited in the wild.

A MikroTik engineer said yesterday that "the vulnerability allowed a special tool to connect to the [MikroTik] Winbox port, and request the system user database file."

The attacker would then decrypt user details found in the database, and log into the MikroTik router.

Zero-day spotted on Czech forum

According to the users of a Czech technology forum, who first spotted the attacks, the hacks followed a similar pattern. The attacker would have two failed Winbox login attempts, a successful login, would change a few services, log out, and then come back a few hours later.
....
....

Zero-day was not mass-exploited

The good news is that all attacks were carried out from one IP address only, suggesting this was the work of a lone hacker. The IP address that all users reported seeing attacks coming from was 103.1.221.39, assigned to Taiwan.

The MikroTik zero-day exploitation attempts were on a very small scale, hardly registering on port activity trackers, such as the ones provided by SANS ISC and Qihoo 360 Netlab.
....
....
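
The login pattern described in the quoted article (two failed Winbox logins, then a successful one, then service changes before logout) can be searched for in exported router logs. The sketch below is an added example, not part of the original post or any MikroTik tooling; the log line layout, the sample lines and the helper name `find_suspicious_sessions` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines; the layout is an assumption modelled on RouterOS log text.
SAMPLE_LOG = """\
apr/20 03:11:58 system,error,critical login failure for user admin from 103.1.221.39 via winbox
apr/20 03:11:59 system,error,critical login failure for user admin from 103.1.221.39 via winbox
apr/20 03:12:01 system,info,account user admin logged in from 103.1.221.39 via winbox
apr/20 03:12:20 system,info ip service changed by admin
apr/20 03:12:31 system,info,account user admin logged out from 103.1.221.39 via winbox
apr/20 09:40:02 system,error,critical login failure for user admin from 192.0.2.10 via winbox
apr/20 09:40:15 system,info,account user admin logged in from 192.0.2.10 via winbox
"""

FAIL = re.compile(r"login failure for user (\S+) from (\S+) via winbox")
LOGIN = re.compile(r"user (\S+) logged in from (\S+) via winbox")
LOGOUT = re.compile(r"user (\S+) logged out from (\S+) via winbox")
CHANGE = re.compile(r"system,info (.+) changed by (\S+)$")
REPORTED_IP = "103.1.221.39"  # source address named in the article above

def find_suspicious_sessions(log_text, min_failures=2):
    """Flag Winbox logins preceded by >= min_failures failures from the same user and IP."""
    fails = defaultdict(int)  # (user, ip) -> failures since the last successful login
    active = {}               # user -> flagged session that has not logged out yet
    findings = []
    for line in log_text.splitlines():
        if m := FAIL.search(line):
            fails[(m[1], m[2])] += 1
        elif m := LOGIN.search(line):
            failed = fails.pop((m[1], m[2]), 0)  # a success resets the counter
            if failed >= min_failures:
                session = {"user": m[1], "ip": m[2], "changes": [], "reported_ip": m[2] == REPORTED_IP}
                active[m[1]] = session
                findings.append(session)
        elif m := LOGOUT.search(line):
            active.pop(m[1], None)
        elif m := CHANGE.search(line):
            if m[2] in active:  # configuration change made during a flagged session
                active[m[2]]["changes"].append(m[1])
    return findings

if __name__ == "__main__":
    for s in find_suspicious_sessions(SAMPLE_LOG):
        print(s)
```

A single mistyped password followed by a successful login, as in the last two sample lines, is not flagged at the default threshold.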
 
