A Russian-speaking grey-hat hacker is breaking into people's MikroTik routers and patching devices so they can't be abused by cryptojackers, botnet herders, or other cyber-criminals, ZDNet has learned.
The hacker, who goes by the name of Alexey and says he works as a server administrator, claims to have disinfected over 100,000 MikroTik routers already.
Alexey has not been trying to hide his actions and has boasted about his hobby on a Russian blogging platform.
"I added firewall rules that blocked access to the router from outside the local network," Alexey said.
But despite adjusting firewall settings for over 100,000 users, Alexey says that only 50 users reached out via Telegram.
At the time, the vulnerability (known as CVE-2018-14847) was a zero-day, but MikroTik rolled out a fix in record time.
CVE-2018-14847 is a very convenient vulnerability because it allows an attacker to bypass authentication and download the user database file.