MikroTik botnet relies on DNS misconfiguration to spread malware

A botnet of 13,000 MikroTik devices exploits DNS misconfigurations to spoof 20,000 domains and deliver malware. By using the compromised MikroTik routers as SOCKS proxies, the botnet enables large-scale malicious activity, including DDoS, phishing, and malware distribution. Its operators exploit improperly configured SPF records in DNS, which lets them bypass email protections and spoof legitimate domains.
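A domain owner can check whether their own SPF record leaves this door open. The following Python audit is an added example, not code from the article: the article does not say which SPF error was abused, so the check assumes the permissive forms defined in RFC 7208, and all domain names and records in it are constructed.

```python
import re

# Meaning of the qualifier on the terminal "all" mechanism (RFC 7208).
ALL_VERDICT = {
    "+": "any host passes SPF, so the domain can be spoofed",
    "?": "neutral result, no protection against spoofing",
    "~": "softfail, spoofed mail is flagged but often delivered",
    "-": "fail, senders not listed are rejected",
}
LEVEL = {"+": "open", "?": "open", "~": "weak", "-": "ok"}

def audit_spf(txt_records):
    """Return (level, reason) for a domain's list of TXT record strings."""
    spf = [r.strip() for r in txt_records
           if r.strip().lower().split(None, 1)[:1] == ["v=spf1"]]
    if not spf:
        return ("missing", "no SPF record, receivers cannot check senders")
    if len(spf) > 1:
        return ("invalid", "multiple SPF records, evaluation ends in permerror")
    terms = spf[0].split()[1:]
    for term in terms:  # evaluation is left to right; the first "all" ends it
        m = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if m:
            q = m.group(1) or "+"  # a bare "all" defaults to "+"
            return (LEVEL[q], ALL_VERDICT[q])
    for term in terms:  # redirect= only applies when no "all" is present
        if term.lower().startswith("redirect="):
            return ("delegated", "policy is taken from " + term.split("=", 1)[1])
    return ("open", "no 'all' term, unmatched senders get a neutral result")

# Constructed sample TXT records (hypothetical domains, documentation addresses).
SAMPLES = {
    "strict.example": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "permissive.example": ["v=spf1 include:_spf.mail.example +all"],
    "soft.example": ["site-verification=abc123", "v=spf1 mx ~all"],
    "nospf.example": ["site-verification=abc123"],
    "double.example": ["v=spf1 mx -all", "v=spf1 ip4:198.51.100.7 -all"],
    "redir.example": ["v=spf1 redirect=_spf.provider.example"],
}

def audit_all(samples=SAMPLES):
    """Map each domain to its audit level."""
    return {domain: audit_spf(txts)[0] for domain, txts in samples.items()}

if __name__ == "__main__":
    for domain, txts in SAMPLES.items():
        print(domain, *audit_spf(txts))
```

A "delegated" result means the audit has to be repeated on the redirect target's own record.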
