Router Cryptojacking Campaign Disrupted
2020-01-09 14:33

Nearly 16,000 malware-infected MikroTik routers have been scrubbed of Coinhive cryptojacking code thanks to an international police operation.

The international law enforcement agency Interpol says it launched Operation Goldfish Alpha in June 2019 to target 20,000 hacked routers in Southeast Asia that were being used to mine for cryptocurrency, as well as to raise awareness in the region of the threat posed by cryptojacking.

"Private sector partners, including Cyber Defense Institute and Trend Micro, supported the operation through information sharing and analysis of cryptojacking cases, and providing the participating countries with guidelines for patching infected routers and advice on preventing future infections," it says.

In April 2018, for example, MikroTik had quickly patched a zero-day flaw, designated CVE-2018-14847, that attackers can use to gain full access to a vulnerable router.

By September 2018, Bad Packets reported that it was seeing at least "80 unique cryptojacking campaigns targeting vulnerable MikroTik routers," and that more than 209,000 carrier-grade MikroTik routers had been infected with one of two different types of software - Coinhive and Crypto-Loot - that mine for cryptocurrency.


News URL

https://www.inforisktoday.com/router-cryptojacking-campaign-disrupted-a-13592

Related Vulnerability

Date: 2018-08-02
CVE: CVE-2018-14847
Vulnerability title: Path Traversal vulnerability in MikroTik RouterOS
Description: MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
Tags: network, low complexity, mikrotik, CWE-22
Risk: 6.4