There is currently another wave of attacks on RouterOS under way across US/EU address space.
This attack utilizes the Winbox vuln. that has been patched in April this year.
The current wave of attacks is very similar to the mass-exploitation of routers across Brazil earlier this month.
This time tho, it is being performed against the US/EU address space.
This particular wave of attacks focuses on DNS hijacking, and then traffic redirection of the end-user devices.
This is just a PSA post to make sure your network is protected.
PLEASE make sure your MikroTiks are properly secured (firewall, ACLs on administrative interfaces, etc.)
PLEASE make sure you are running latest RouterOS versions in your network.
Default configurations of RouterOS are NOT affected - in order to be affected by this, you need to have the Winbox service exposed publicly.