Russian Botnet Weaponizes MikroTik and DNS Vulnerabilities
A highly sophisticated cyber campaign orchestrated by a Russian botnet that leverages two main vulnerabilities: misconfigured DNS Sender Policy Framework (SPF) records on approximately 20,000 domains and exploited MikroTik routers. These routers were converted into a large-scale SOCKS4 proxy network to mask the threat actors’ activities and distribute malware via spoofed DHL emails. The text explicitly warns that incorrect use of the permissive “+all” flag in SPF records completely negates email anti-spoofing protections, facilitating the attack. The accompanying source, which is an advertisement for Technijian, positions the company as a premier managed IT services provider that offers specialized solutions like DNS security audits and advanced email security to protect organizations specifically against the type of advanced threats described.
