If you’ve been following the infosec Twitter community for the last few days, you couldn’t ignore the constant talk about the massive scans currently taking place online, carried out by a Hajime IoT botnet looking to mass-infect unpatched MikroTik devices.

All of the hoopla started on Sunday, March 25, when suspicious scans for port 8291 popped up out of the blue on everyone’s honeypots.

The scans continued over the following days, showing no sign of abating and attracting attention from security researchers all over the globe.

The attention was warranted, as the scans weren’t something small and continued at an intensive rate. The first to spot the scans were researchers from Qihoo 360’s Netlab team, who said today that this Hajime botnet performed over 860,000 scans in the last three days, although they couldn’t tell how many of these scans also resulted in successful infections.

Attackers use Chimay Red exploit against MikroTik devices

The exploit attackers were trying to use was a vulnerability known as “Chimay Red,” a bug that affects MikroTik RouterOS…