A firm registered in London finds itself at the centre of a massive attack redirecting traffic from over 300,000 routers. 3NT Solutions appears to be part of an attack that has taken control of consumer and small office/home office (SOHO) routers across Europe and Asia.


US security company Team Cymru claimed to have uncovered a "SOHO pharming" attack which had overwritten DNS settings on about 300,000 routers. With the DNS settings changed, the attackers can redirect traffic to websites and domains they control. In other words, the attackers are conducting a man-in-the-middle attack.
Security experts at Team Cymru say that the attack was very clever: the attackers changed the routers' DNS settings to two IP addresses, both of which belong to machines located in the Netherlands but registered to British company 3NT Solutions. The latter was offline and couldn’t be reached for comment. It is known that the company’s registered address was a mailbox location in central London.
According to security researchers, there was a connection between Serbian web host inferno.name and 3NT, with the former being known as a "bad actor" running malicious and "spammy" websites. The experts are advising admins to "block all their IPs on sight", pointing out that the router attack was quite serious. Although this kind of attack wasn’t new to the security community, it was one of the biggest seen recently and was quite insidious.
Apparently, the attack affected devices from a number of manufacturers, and consumer unfamiliarity with configuring routers, together with weak default settings, makes these devices an extremely attractive target. The problem wasn’t a hardware bug but rather a weakness in ZyXEL’s popular router firmware, ZyNOS.