More than 200,000 routers hit with a sophisticated cryptomining attack that appears to be spreading.
In March, routers from Latvian manufacturer MikroTik were hit by an advanced threat dubbed Operation Slingshot. The company patched for the threat, but now a new cryptomining attack has hit MikroTik routers and appears to be spreading rapidly.
The original Operation Slingshot campaign was spyware that was able to gather screenshots, keyboard data, network data, passwords, various desktop activity, the clipboard, and more without ever using a zero-day exploit. Instead, the attack took advantage of two modules that were able to implant themselves in a targeted router. Those modules were accompanied by very sophisticated detection evasion techniques that included shutting down the attack if certain forensic activities were detected. Nevertheless, the attack was discovered and countered.