[lacnog] Postmortem of a Compromised MikroTik Router
Lucimara Desiderá
lucimara at cert.br
Thu Aug 16 16:30:58 BRT 2018
"Postmortem of a Compromised MikroTik Router
An examination of a router infected in a large-scale coin-mining campaign.
Cryptocurrency coinminers are the new ransomware and malicious actors
have already pounced on the opportunity to make their fortune. Symantec
has been tracking a large-scale coin-mining campaign which, as per
Shodan, has currently infected about 157,000 MikroTik routers.
Researchers discovered this coin-mining campaign in early August 2018.
The campaign was initially concentrated in Brazil; however, it soon
began infecting routers around the world. I decided to take a closer
look at one of these infected routers to get a better understanding of
what’s going on."
Full article at:
https://www.symantec.com/blogs/threat-intelligence/hacked-mikrotik-router
--
Regards,
Lucimara Desiderá
CERT.br/NIC.br
http://www.cert.br/