Has anyone else experienced a RouterOS intrusion nearly immediately after sending support a supfile? Yesterday I sent support a support file after we'd had several kernel panic crashes, and within about 2.5 hours someone managed to log into the router using my credentials, on the first attempt, using the only service/port available from the outside world. I reviewed gathered logs for the last month and there was not a single hint of anyone poking around till then.
The attacker logged in via Winbox, turned on SOCKS, created a script, and scheduled the script to download a PHP file from a remote server.
Considering how tightly we control our security and how that account is never used (in fact, going back to the router in question, that login has never been used since inception, as it was a backup full-access local user), I'm really quite concerned here.