A Russian-speaking grey-hat hacker is breaking into people's MikroTik routers and patching devices so they can't be abused by cryptojackers, botnet herders, or other cyber-criminals, ZDNet has learned.
The hacker, who goes by the name of Alexey and says he works as a server administrator, claims to have disinfected over 100,000 MikroTik routers already.
Alexey has not been trying to hide his actions and has boasted about his hobby on a Russian blogging platform. He says he accesses routers and makes changes to their settings to prevent further abuse.
"I added firewall rules that blocked access to the router from outside the local network," Alexey said. "In the comments, I wrote information about the vulnerability and left the address of the @router_os Telegram channel, where it was possible for them to ask questions."
But despite adjusting firewall settings for over 100,000 users, Alexey says that only 50 users reached out via Telegram. A few said "thanks," but most were outraged.
The vigilante server administrator says he's been only fixing routers that have not been patched by their owners against a MikroTik vulnerability that came to light in late April.
At the time, the vulnerability (known as CVE-2018-14847) was a zero-day, but MikroTik rolled out a fix in record time. Nonetheless, cyber-criminals quickly jumped on board to exploit the flaw.
CVE-2018-14847 is a very convenient vulnerability because it allows an attacker to bypass authentication and download the user database file. Attackers decrypt this file and then use one of the username & password combos to log into a remote device and make OS settings and run various scripts.
For the past five and a half months, th...