{"id":15660,"date":"2018-10-12T15:07:25","date_gmt":"2018-10-12T15:07:25","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/29412\/A-Mysterious-Grey-Hat-Is-Patching-Peoples-Outdated-MikroTik-Routers.html"},"modified":"2018-10-12T15:07:25","modified_gmt":"2018-10-12T15:07:25","slug":"a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\/","title":{"rendered":"A Mysterious Grey Hat Is Patching People&#8217;s Outdated MikroTik Routers"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/zdnet4.cbsistatic.com\/hub\/i\/r\/2018\/10\/12\/d634458c-6027-4b3e-b239-241236106ca2\/thumbnail\/770x578\/c571e99bfd15608214aa1ca018a4159a\/mikrotik.png\" class=\"ff-og-image-inserted\"\/><\/div>\n<p>A Russian-speaking grey-hat hacker is breaking into people&#8217;s MikroTik routers and patching devices so they can&#8217;t be abused by cryptojackers, botnet herders, or other cyber-criminals, <em>ZDNet<\/em> has learned.<\/p>\n<p>The hacker, who goes by the name of Alexey and says he works as a server administrator, claims to have disinfected over 100,000 MikroTik routers already.<\/p>\n<p>Alexey has not been trying to hide his actions and has boasted about his hobby on a Russian blogging platform. He says he accesses routers and makes changes to their settings to prevent further abuse.<\/p>\n<p>&#8220;I added firewall rules that blocked access to the router from outside the local network,&#8221; Alexey said. &#8220;In the comments, I wrote information about the vulnerability and left the address of the @router_os Telegram channel, where it was possible for them to ask questions.&#8221;<\/p>\n<p>But despite adjusting firewall settings for over 100,000 users, Alexey says that only 50 users reached out via Telegram. 
A few said &#8220;thanks,&#8221; but most were outraged.<\/p>\n<p>The vigilante server administrator says he&#8217;s only been fixing routers that have not been patched by their owners against a MikroTik vulnerability that came to light in late April.<\/p>\n<p>At the time, the vulnerability (known as <a href=\"https:\/\/n0p.me\/winbox-bug-dissection\/\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2018-14847<\/a>) was a zero-day, but MikroTik <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/mikrotik-patches-zero-day-flaw-under-attack-in-record-time\/\" target=\"_blank\" rel=\"noopener noreferrer\">rolled out a fix in record time<\/a>. Nonetheless, cyber-criminals quickly jumped on board to exploit the flaw.<\/p>\n<p>CVE-2018-14847 is a very convenient vulnerability because it allows an attacker to bypass authentication and download the user database file. 
Attackers decrypt this file and then use one of the username &amp; password combos to log into a remote device, change OS settings, and run various scripts.<\/p>\n<p>For the past five and a half months, the vulnerability has been mainly used to plant cryptojacking scripts on outdated MikroTik routers [<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/massive-coinhive-cryptojacking-campaign-touches-over-200-000-mikrotik-routers\/\" target=\"_blank\" rel=\"noopener noreferrer\">1<\/a>, <a href=\"https:\/\/badpackets.net\/200000-mikrotik-routers-worldwide-have-been-compromised-to-inject-cryptojacking-malware\/\" target=\"_blank\" rel=\"noopener noreferrer\">2<\/a>] and to hijack DNS servers and later redirect user traffic towards malicious sites [<a href=\"https:\/\/www.zdnet.com\/article\/thousands-of-mikrotik-routers-are-snooping-on-user-traffic\/\" target=\"_blank\">1<\/a>, <a href=\"https:\/\/www.zdnet.com\/article\/gigantic-100000-strong-botnet-used-to-hijack-traffic-meant-for-brazilian-banks\/\" target=\"_blank\">2<\/a>].<\/p>\n<p>This wouldn&#8217;t be an issue, but MikroTik is one of today&#8217;s most popular router brands. 
There are over two million MikroTik routers around the globe.<\/p>\n<p>Security researcher <a href=\"https:\/\/twitter.com\/bad_packets\" target=\"_blank\" rel=\"noopener noreferrer\">Troy Mursch<\/a> told ZDNet today that of the millions of MikroTik routers currently connected to the Internet, over 420,000 show signs they&#8217;ve been infected with cryptocurrency-mining scripts.<\/p>\n<p>Speaking to ZDNet today, <a href=\"https:\/\/twitter.com\/ankit_anubhav\" target=\"_blank\" rel=\"noopener noreferrer\">Ankit Anubhav<\/a>, a security researcher for NewSky Security, also indicated that DDoS botnet authors have been trying to infect and corral these devices under their control, but failing.<\/p>\n<p>&#8220;The usual IoT blackhat botnet factory is basically clueless about the exploit, and how it can be deployed for a proper functioning botnet,&#8221; Anubhav said.<\/p>\n<p>Instead, he says the people placing cryptocurrency-mining scripts on the devices are far more adept at hijacking the vulnerable routers. Anubhav speculated that this looks to be the &#8220;work of a knowledgeable lone actor.&#8221;<\/p>\n<p>Things became even worse for the MikroTik community this past week after Tenable researchers <a href=\"https:\/\/www.zdnet.com\/article\/known-mikrotik-vulnerability-scales-up-the-severity-scale-permits-root-access\/\" target=\"_blank\">released a new exploit<\/a> named &#8220;<a href=\"https:\/\/github.com\/tenable\/routeros\/tree\/master\/poc\/bytheway\" target=\"_blank\" rel=\"noopener noreferrer\">By The Way<\/a>&#8221; for the original CVE-2018-14847 vulnerability. 
This spurred new interest from the botnet community.<\/p>\n<p>But the reason Alexey was able to &#8220;clean&#8221; over 100,000 routers is that none of the hacker groups currently abusing MikroTik routers appear to perform basic hygiene.<\/p>\n<p>&#8220;The attackers are not closing [device ports] or patching the devices, so anyone who wants to further mess with these routers, can,&#8221; Anubhav told <em>ZDNet<\/em>.<\/p>\n<p>Fortunately, Alexey has been doing this clean-up on some users&#8217; behalf. But technically speaking, Alexey is on the wrong side of the law. Despite his good intentions, it is illegal to access another person&#8217;s or organization&#8217;s equipment without consent.<\/p>\n<p>Alexey&#8217;s vigilante spree may be illegal, but he is definitely not the first.<\/p>\n<p>In 2014, a hacker accessed <a href=\"https:\/\/arstechnica.com\/information-technology\/2014\/02\/dear-asus-router-user-youve-been-pwned-thanks-to-easily-exploited-flaw\/\" target=\"_blank\" rel=\"noopener noreferrer\">thousands of ASUS routers<\/a> and planted text warnings inside computers with shared folders and hard drives that were located behind those routers, warning users to patch their ASUS device.<\/p>\n<p>In late 2015, a team of vigilante hackers going by the name of <a href=\"https:\/\/news.softpedia.com\/news\/creators-of-the-benevolent-linux-wifatch-malware-reveal-themselves-493938.shtml\" target=\"_blank\" rel=\"noopener noreferrer\">the White Team<\/a> launched the Linux.Wifatch malware that closed security holes on a variety of Linux-based routers. 
At one point, the White Team&#8217;s botnet became so big it <a href=\"https:\/\/www.forbes.com\/sites\/thomasbrewster\/2016\/02\/09\/vigilantes-want-lizard-squad-out-of-your-home\/#41358c837a79\" target=\"_blank\" rel=\"noopener noreferrer\">battled<\/a> with the botnet of the infamous Lizard Squad team for the title of the Internet&#8217;s largest botnet.<\/p>\n<p>In 2017, a more devious vigilante hacker named <a href=\"https:\/\/www.bleepingcomputer.com\/tag\/brickerbot\/\" target=\"_blank\" rel=\"noopener noreferrer\">The Janit0r<\/a> deployed the <a href=\"https:\/\/www.zdnet.com\/article\/homeland-security-warns-of-brickerbot-malware-that-destroys-unsecured-internet-connected-devices\/\" target=\"_blank\">BrickerBot malware<\/a> that erased firmware or bricked IoT devices that had not been updated.<\/p>\n<p>Also in 2017, a hacker made <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/a-hacker-just-pwned-over-150-000-printers-left-exposed-online\/\" target=\"_blank\" rel=\"noopener noreferrer\">over 150,000 printers<\/a> spew out a message to their owners to raise everyone&#8217;s awareness about the danger of leaving printers exposed online.<\/p>\n<p>In 2018, another vigilante renamed <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/tens-of-thousands-of-defaced-mikrotik-and-ubiquiti-routers-available-online\/\" target=\"_blank\" rel=\"noopener noreferrer\">tens of thousands of MikroTik and Ubiquiti routers<\/a> to &#8220;HACKED&#8221; and other messages to get owners&#8217; attention to update their devices.<\/p>\n<p>Mursch told <em>ZDNet<\/em> that he doesn&#8217;t believe the MikroTik situation will get better any time soon.<\/p>\n<p>&#8220;Rebooting grandma&#8217;s router won&#8217;t fix this,&#8221; he said. 
&#8220;Remediation efforts must be done by the service providers.&#8221;<\/p>\n<p>The reason is that many of these devices are not routers placed inside users&#8217; homes, but are so-called &#8220;edge&#8221; devices, often part of an ISP&#8217;s internal infrastructure, such as routers placed in ISP boxes left inside apartment complexes or on street poles.<\/p>\n<p>Another source in the infosec community who spoke to <em>ZDNet<\/em> but did not want his name shared for this story confirmed that Alexey&#8217;s vigilante efforts have also touched edge routers, not only those found in people&#8217;s homes.<\/p>\n<p>&#8220;Ironically, by cleaning some ISP routers he might get the ISPs to act and fix everyone&#8217;s routers as well,&#8221; the unnamed researcher told us.<\/p>\n<p>As for MikroTik, the Latvian company has been one of the most responsive vendors in terms of security flaws, fixing issues within hours or days, compared to the months that some other router vendors tend to take. It would be unfair to blame this situation on them. 
Patches have been available for months, but, yet again, it is ISPs and home users who are failing to take advantage of them.<\/p>\n<h3>RELATED COVERAGE:<\/h3>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/29412\/A-Mysterious-Grey-Hat-Is-Patching-Peoples-Outdated-MikroTik-Routers.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":15661,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[3967],"class_list":["post-15660","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinehackerflawpatch"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>A Mysterious Grey Hat Is Patching People&#039;s Outdated MikroTik Routers 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A Mysterious Grey Hat Is Patching People&#039;s Outdated MikroTik Routers 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-10-12T15:07:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/10\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers.png\" \/>\n\t<meta property=\"og:image:width\" content=\"770\" \/>\n\t<meta property=\"og:image:height\" content=\"578\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"A Mysterious Grey Hat Is Patching People&#8217;s Outdated MikroTik Routers\",\"datePublished\":\"2018-10-12T15:07:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\\\/\"},\"wordCount\":998,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/10\\\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers.png\",\"keywords\":[\"headline,hacker,flaw,patch\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\\\/\",\"name\":\"A Mysterious Grey Hat Is Patching People's Outdated MikroTik Routers 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/10\\\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers.png\",\"datePublished\":\"2018-10-12T15:07:25+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/10\\\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/10\\\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers.png\",\"width\":770,\"height\":578},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\
\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,flaw,patch\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackerflawpatch\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"A Mysterious Grey Hat Is Patching People&#8217;s Outdated MikroTik Routers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"A Mysterious Grey Hat Is Patching People's Outdated MikroTik Routers 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\/","og_locale":"en_US","og_type":"article","og_title":"A Mysterious Grey Hat Is Patching People's Outdated MikroTik Routers 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-10-12T15:07:25+00:00","og_image":[{"width":770,"height":578,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/10\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"A Mysterious Grey Hat Is Patching People&#8217;s Outdated MikroTik Routers","datePublished":"2018-10-12T15:07:25+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\/"},"wordCount":998,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/10\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers.png","keywords":["headline,hacker,flaw,patch"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\/","url":"https:\/\/www.threatshub.org\/blog\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\/","name":"A Mysterious Grey Hat Is Patching People's Outdated MikroTik Routers 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/10\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers.png","datePublished":"2018-10-12T15:07:25+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/10\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/10\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers.png","width":770,"height":578},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,flaw,patch","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerflawpatch\/"},{"@type":"ListItem","position":3,"name":"A 
Mysterious Grey Hat Is Patching People&#8217;s Outdated MikroTik Routers"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id"
:"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/15660","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=15660"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/15660\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/15661"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=15660"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=15660"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=15660"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}