WhiteHat NG is Nigeria's leading CERT-style Information Sharing and Analysis Center (ISAC). Founded in 2019, it serves as a people's Computer Emergency Response Team, providing cybersecurity advisories, vulnerability disclosure services, and threat intelligence to protect Nigerian cyberspace. WhiteHat NG publishes security advisories about vulnerabilities and threats affecting Nigerian organizations and citizens.

How do I report a security vulnerability to WhiteHat NG?

You can report security vulnerabilities through WhiteHat NG's Vulnerability Disclosure Program (VDP) at whitehat.ng/vdp/report. The platform accepts reports about vulnerabilities in Nigerian digital infrastructure, government systems, and private sector applications. All reports are handled confidentially by trained security professionals who coordinate responsible disclosure with affected organizations.

What types of security advisories does WhiteHat NG publish?

WhiteHat NG publishes four severity levels of security advisories: Critical (immediate action required), High (significant risk), Medium (moderate risk), and Low (minimal risk). Advisories cover topics including software vulnerabilities, malware campaigns, phishing attacks, data breaches, and emerging cyber threats affecting Nigeria. All advisories are available via web and RSS feed at whitehat.ng/advisories.

Is WhiteHat NG affiliated with the Nigerian government?

WhiteHat NG operates as an independent, community-driven cybersecurity organization. While it collaborates with government agencies and private sector partners on security matters, it maintains independence to serve as a trusted neutral party for vulnerability disclosure and security coordination. This independence allows WhiteHat NG to advocate for both security researchers and affected organizations.

How can organizations partner with WhiteHat NG?

Organizations can partner with WhiteHat NG through several programs: becoming an information sharing partner for threat intelligence, participating in the Vulnerability Disclosure Program as a receiving organization, sponsoring cybersecurity awareness initiatives, or contributing to advisory development. Contact partnerships@whitehat.ng or visit the About page for more information on collaboration opportunities.

Alert: Immediate Threats to Mikrotik Routers

Threat Summary

We recently observed a concerning incident involving a threat group specializing in exploiting vulnerable Mikrotik routers running outdated RouterOS. Within minutes, we detected the group attempting to brute-force access via Telnet.

Evidence of Attack Activity

Mikrotik Router Attack Evidence 1

The screenshot above shows the initial reconnaissance and brute-force attempts targeting exposed Mikrotik devices.

Mikrotik Router Attack Evidence 2

Further analysis revealed systematic scanning patterns targeting management interfaces.

Attack Details

Attack Vector

Telnet brute-force attacks
Exploitation of known RouterOS vulnerabilities
Default credential abuse

Observable Activity

Rapid login attempts on port 23 (Telnet)
Scanning for management interfaces
Attempted exploitation of CVE-2018-14847 and similar

Affected Devices

RouterOS Version	Risk Level	Status
< 6.42	Critical	Actively exploited
6.42 - 6.48	High	Vulnerable
6.49+	Medium	Patch available
7.x	Low	Most secure

Consequences of Compromise

Botnet Recruitment: Compromised routers used in DDoS attacks
Traffic Interception: Man-in-the-middle attacks
Cryptomining: Resources hijacked for cryptocurrency mining
Lateral Movement: Gateway to internal networks
Data Theft: Capture of network traffic

Immediate Actions Required

Critical Steps

Update RouterOS: Upgrade to the latest stable version immediately
Disable Telnet: If not needed, disable Telnet service completely
Change Credentials: Use strong, unique passwords
Firewall Rules: Restrict management access to trusted IPs
Enable Logging: Monitor for suspicious access attempts

Configuration Commands

# Disable Telnet
/ip service disable telnet

# Restrict Winbox access
/ip service set winbox address=192.168.0.0/24

# Change default admin password
/user set admin password=YourSecurePassword

Monitoring

Watch for:

Unexpected configuration changes
Unknown scheduled scripts
Unusual traffic patterns
Failed login attempts

WhiteHat NG Infrastructure Alert