<ul><li>Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware.</li><li>The botnet comprises MikroTik routers with various firmware versions, including recent ones.</li><li>The botnet uses compromised MikroTik devices as SOCKS proxies, masking malicious traffic origins.</li><li>The botnet operators exploit an improperly configured DNS record for the sender policy framework (SPF) to enable spoofing.</li></ul>

MikroTik botnet relies on DNS misconfiguration to spread malware

Discover more