Cybercrime experts collaborated in locating and patching hacked routers

The number of devices infected with cryptojacking malware in Southeast Asia has been reduced by 78% following a five-month police operation led by Interpol.

The operation, dubbed Goldfish Alpha, was launched in 2019 in response to the identification of 20,000 routers in the region that had been maliciously mining cryptocurrency, Interpol said in a press release published earlier this week.

Cryptojacking is the unauthorized use of an individual or organization’s computer to secretly mine for cryptocurrency.

Its prevalence in Southeast Asia was facilitated by the exploitation of a known vulnerability in MikroTik routers, Interpol said.

Cybercrime experts from police forces and the national Computer Emergency Response Teams (CERTs) from the 10 ASEAN countries – Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand, and Vietnam – collaborated in locating and patching infected routers and alerting victims.

Although the operation officially concluded in late November, efforts to remove the infections from the remaining devices are ongoing, Interpol said.


Trend Micro, Cyber Defense Institute, and the National Cyber Security Center of Myanmar were among the organizations that advised victims on patching compromised routers and preventing future infections.

“When faced with emerging cybercrimes like cryptojacking, the importance of strong partnerships between police and the cybersecurity industry cannot be overstated,” said Craig Jones, director of cybercrime at Interpol.

“By combining the expertise and data on cyber threats held by the private sector with the investigative capabilities of law enforcement, we can best protect our communities from all forms of cybercrime.”

Craig Jones, Interpol's director of cybercrime, introduced Operation Goldfish Alpha in June 2019

MikroTik has been a favored target for cryptojacking malware. In 2018, 200,000 of its routers were found to have been injected with a malicious version of the now-defunct mining service Coinhive, 360 Security Center reported.

Last month, a security researcher warned that, despite security updates, the majority of MikroTik RouterOS versions 6.45.6 and below remained vulnerable to a variety of exploits.

According to Interpol, hacked routers in the Southeast Asia region account for 18% of those cryptojacking infections globally.

The Daily Swig has reached out to Interpol for comment.
