According to researchers at Team Cymru, the attackers appear to have taken control of these routers and changed their DNS server settings. The techniques the researchers think could have been used include cross-site request forgery, as well as remotely changing WPA/WPA2 passwords.
No single region appears to have been targeted: the researchers report that compromises have occurred worldwide, including in countries such as Vietnam, India, Italy, Thailand, and Colombia. Once a router has been compromised, the attackers can redirect the websites a user visits to malicious sites, which might then attempt to steal critical information from users, such as bank passwords.
According to the report, “The scale of this attack suggests a more traditional criminal intent, such as search result redirection, replacing advertisements, or installing drive-by downloads; all activities that need to be done on a large scale for profitability.”
The researchers have also reached out to the companies whose routers have been compromised to inform them of the hack. In the meantime, apart from changing your router to one with tougher security, the advice is to disable remote administration capabilities, or at least limit the IP addresses that can access the router, and to check your DNS settings to make sure they haven’t been altered.
So far it has been found that routers that have been compromised have had their DNS settings changed to 5.45.75.11 and 5.45.76.36.
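One way to run the DNS check described above from a client machine, as an added example that is not from the article or from Team Cymru: it parses `resolv.conf` or `ipconfig /all` style text and compares the resolvers against the two addresses reported above. The sample inputs are constructed, and the function names and verdict labels are assumptions of this example.

```python
import ipaddress

# Resolver addresses the article reports on compromised routers.
ROGUE_RESOLVERS = {ipaddress.ip_address(a) for a in ("5.45.75.11", "5.45.76.36")}
# Constructed sample inputs (not captured from real hosts).
SAMPLE_RESOLV_CONF = """\
nameserver 5.45.75.11
nameserver 8.8.8.8
"""
SAMPLE_IPCONFIG = """\
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       5.45.76.36
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def extract_resolvers(text):
    """Collect DNS server IPs from resolv.conf or `ipconfig /all` style text."""
    resolvers, in_dns_block = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower().startswith("nameserver"):
            candidates, in_dns_block = line.split()[1:2], False
        elif line.lower().startswith("dns servers"):
            candidates, in_dns_block = [line.split(": ", 1)[-1]], True
        elif in_dns_block and line and " " not in line:
            candidates = [line]  # ipconfig lists extra servers on bare lines
        else:
            candidates, in_dns_block = [], False
        for c in candidates:
            try:
                resolvers.append(ipaddress.ip_address(c))
            except ValueError:
                pass  # not an address (empty value, hostname, ...)
    return resolvers

def check_resolvers(text):
    """Return (verdict, rogue_addresses) for one host's resolver config."""
    resolvers = extract_resolvers(text)
    rogue = [str(r) for r in resolvers if r in ROGUE_RESOLVERS]
    if rogue:
        return "ROGUE", rogue
    if any(r.is_private or r.is_loopback for r in resolvers):
        # Resolver is the router or a local stub: also check the router's own DNS setting.
        return "CHECK_UPSTREAM", []
    return ("NO_KNOWN_ROGUE" if resolvers else "NO_RESOLVERS"), []

if __name__ == "__main__":
    print(check_resolvers(SAMPLE_RESOLV_CONF), check_resolvers(SAMPLE_IPCONFIG))
```

A `NO_KNOWN_ROGUE` verdict covers only the two addresses named above, and `CHECK_UPSTREAM` means the client view cannot settle the question because the router forwards queries itself.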