Security News > 2022 > March > Microsoft creates tool to scan MikroTik routers for TrickBot infections
Microsoft released a scanner that detects MikroTik routers hacked by the TrickBot gang to act as proxies for command and control servers.
For years, TrickBot has used IoT devices, such as routers, to act as a proxy between an infected device and command and control servers.
In a new report by Microsoft, researchers explain how the TrickBot gang targeted vulnerable MikroTik routers using various methods to incorporate them as proxies for C2 communications.
The TrickBot operations utilized various methods when hacking into MikroTik routers, starting with using default credentials and then performing brute force attacks to guess the password.
As Microsoft underlines, the actors appear to have an in-depth knowledge of the limited functions of the Linux-based OS in MikroTik devices, using custom SSH commands that would make little sense on other devices.
Microsoft has now released a forensics tool named 'routeros-scanner' that network admins can use to scan MikroTik devices for signs that it was compromised by TrickBot.