MikroTik botnet uses misconfigured SPF DNS records to spread malware

Summary: A newly discovered botnet of roughly 13,000 compromised MikroTik devices exploits misconfigured DNS records to bypass email protections and deliver malware. The botnet takes advantage of an overly permissive SPF record that allows around 20,000 web domains to be spoofed, and it has been linked to a malspam campaign impersonating DHL Express. The operation underscores the exposure of MikroTik devices, which are frequently targeted because their capabilities make them useful for launching attacks.
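
The permissive SPF record is the piece of the operation that defenders can check for themselves. The following Python script is an added example, not code from the BleepingComputer article or from this summary: it parses an SPF TXT record into its mechanisms and reports the settings that let any host send on a domain's behalf, shown on a constructed weak record beside a hardened one. The sample records, the example hostnames and addresses, and the assumption that "overly permissive" means a record ending in `+all` are all constructed for illustration.

```python
import re

# Constructed sample records (not taken from the article). The weak record
# ends in "+all", which is our assumption of what "overly permissive" means;
# the hardened record lists the real senders and ends in "-all".
PERMISSIVE_SPF = "v=spf1 include:_spf.mail-provider.example +all"
HARDENED_SPF = "v=spf1 include:_spf.mail-provider.example ip4:203.0.113.10 -all"

# Modifiers (redirect=, exp=) look like name=value; mechanisms use ':' or no separator.
_MODIFIER_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_.-]*=")


def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism) tuples.

    Modifiers such as redirect= and exp= are returned with the qualifier
    "modifier". Raises ValueError if the record is not an SPF version 1 record.
    """
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF v1 record")
    parsed = []
    for term in terms[1:]:
        if _MODIFIER_RE.match(term):
            parsed.append(("modifier", term))
            continue
        qualifier = "+"  # RFC 7208: a mechanism without a qualifier means "pass"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        parsed.append((qualifier, term.lower()))
    return parsed


def assess_spf(record):
    """Return a list of findings for the record; an empty list means no weakness found."""
    findings = []
    terms = parse_spf(record)
    all_positions = [i for i, (q, m) in enumerate(terms) if q != "modifier" and m == "all"]

    if not all_positions:
        findings.append("missing 'all' mechanism: unlisted senders get an implicit neutral result")
    else:
        idx = all_positions[0]
        qualifier = terms[idx][0]
        if qualifier == "+":
            findings.append("'+all' passes every host on the internet as an authorized sender")
        elif qualifier == "?":
            findings.append("'?all' returns neutral for unlisted hosts, which receivers treat like no policy")
        elif qualifier == "~":
            findings.append("'~all' softfails unlisted hosts; prefer '-all' once all legitimate senders are listed")
        # Anything after the first 'all' mechanism is never evaluated.
        trailing = [m for q, m in terms[idx + 1:] if q != "modifier"]
        if trailing:
            findings.append("mechanisms after 'all' are never evaluated: " + ", ".join(trailing))

    # Very wide ip4 ranges are a quieter way of authorizing almost everyone.
    for qualifier, mech in terms:
        if qualifier == "+" and mech.startswith("ip4:") and "/" in mech:
            try:
                prefix = int(mech.rsplit("/", 1)[1])
            except ValueError:
                findings.append(f"'{mech}' has an unparseable prefix length")
                continue
            if prefix < 16:
                findings.append(f"'{mech}' authorizes a very large address range")
    return findings


if __name__ == "__main__":
    for label, record in (("permissive", PERMISSIVE_SPF), ("hardened", HARDENED_SPF)):
        print(f"{label}: {record}")
        for finding in assess_spf(record) or ["no weaknesses found"]:
            print(f"  - {finding}")
```

In practice the record passed to `assess_spf` would come from a TXT lookup of the domain being audited; the script is kept offline here so it runs without DNS access. A `-all` ending only helps once every legitimate sender is listed, which is why the hardened record enumerates them before closing the policy.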

Threat Actor: Unknown
Victim: MikroTik device owners

Key points:

  • A botnet of 13,000 MikroTik devices is leveraging misconfigured SPF records to deliver malware.
  • The malspam campaign impersonated DHL Express, delivering malicious payloads through fake invoices.
  • MikroTik device owners are urged to update firmware and secure their devices to prevent exploitation.

Source: https://www.bleepingcomputer.com/news/security/mikrotik-botnet-uses-misconfigured-spf-dns-records-to-spread-malware/