Honeypot Logs: A Botnet’s Search for Mikrotik Routers

Last month, I wrote a post about setting up honeypots on GCP where I stood up a low-interaction SSH honeypot. Since then, I’ve been able to log a few megabytes worth of unauthorized behavior. This post will report on a repeated security event targeting misconfigured MikroTik routers.

Event Behavior