Aethra Botnet


  • It was only a matter of time: botnet of Aethra routers used for brute-forcing WordPress sites

    A year ago, a researcher from the Italian security company VoidSec investigated his WordPress logs and discovered a brute-force attack in progress that was trying to guess the admin password and, of course, trying the default (blank admin & password). He found that the attack came from Aethra modem/routers (BG1242W, BG8542W). Aethra is an Italian telecom company.

    Well, he does say that:

    I cannot easily determine if attacks come directly from the devices or from PCs connected to them, but it is safe to think that routers are the main actors.

    Additional investigation revealed that some of the routers were also susceptible to various reflected XSS and CSRF attacks that would allow attackers to take control of the device.
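
The kind of log review described above can be automated. The following is an added example, not code from this post or from the VoidSec article: it flags both a single noisy source and a campaign spread thinly across many source IPs. It assumes Apache/nginx "combined" access logs and that a failed WordPress login returns 200 while a successful one redirects with 302; the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def failed_logins(log_text):
    """Yield (timestamp, source_ip) for each failed wp-login.php attempt."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        # Assumption: stock WordPress answers a failed login with 200 (form
        # re-rendered) and a successful one with a 302 redirect.
        is_login = path.split("?")[0].endswith("/wp-login.php")
        if method == "POST" and is_login and status == "200":
            yield datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip

def detect(log_text, window=timedelta(minutes=5), per_ip=5, distinct_ips=4):
    """Return (noisy_ips, distributed_ips).

    noisy_ips: sources with at least per_ip failures in the whole log.
    distributed_ips: sources seen in any window that holds failures from
    at least distinct_ips different addresses (botnet-style spreading).
    """
    events = sorted(failed_logins(log_text))
    totals = Counter(ip for _, ip in events)
    noisy = {ip for ip, n in totals.items() if n >= per_ip}
    distributed, start = set(), 0
    for end, (ts, _) in enumerate(events):
        while ts - events[start][0] > window:  # slide the window forward
            start += 1
        ips = {ip for _, ip in events[start:end + 1]}
        if len(ips) >= distinct_ips:
            distributed |= ips
    return noisy, distributed

def _line(ip, hms, method="POST", status=200):  # builds one constructed log line
    return (f'{ip} - - [01/Jan/2024:{hms} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 3120 "-" "-"')

# Constructed sample (documentation IP ranges), not data from the VoidSec article.
SAMPLE_LOG = "\n".join(
    [_line(f"203.0.113.{i}", f"10:0{j}:0{i}") for i in range(1, 6) for j in (0, 1)]
    + [_line("198.51.100.9", f"12:00:0{k}") for k in range(6)]
    + [_line("192.0.2.20", "14:59:50", method="GET"),
       _line("192.0.2.20", "15:00:00", status=302)])

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

In the sample, the five 203.0.113.x sources make only two attempts each, so a per-IP threshold alone never fires on them; only the distinct-source window catches them.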

    Botnet size:

    Using #Shodan, a search engine for locating Internet-connected devices, researchers found over 12,000 Aethra routers around the world, 10,866 of them in Italy alone. Over 8,000 of these devices were of the model detected in the initial brute-force attack (Aethra Telecommunications PBX series). At that time, 70% of these Aethra routers were still using their default login credentials.

    The details are in their article:

    http://voidsec.com/en/aethra-botnet-en

    #DDoS
    #botnet