Please scour your routers for dodgy accounts in ppp secrets.
One of our extremely secure routers running ROS 6.41.2 has been compromised by what I believe must be a security vulnerability. This router has brute-force protection and ridiculous passwords which would have made brute-forcing it impossible.
A VPN account was created with username iam and password iam. This account was also used... It set its local address to 184.108.40.206 and remote address to 220.127.116.11. service=any and profile=default
I have submitted a supout to Mikrotik so hopefully they can investigate this and get to the bottom of this so that all routers can be patched.