Two IP addresses based in London have managed to hijack more than 300,000 internet routers, according to security researchers in Wales.
A paper by 'Team Cymru' said that the massive hack had been carried out on targets around the world.
This type of hack is relatively rare, in that it was aimed at routers instead of computers. But in essence it was similar to other botnet hacks, in that the aim was to direct traffic from legitimate sites to spoof versions which look the same, but can be dangerous or deliberately fraudulent.
(The Verge points to a similar attack in Poland, where hackers using the same exploit were able to steal bank account details (and the contents of those accounts).
Team Cymru's Steve Santorelli said that it still wasn't sure where the traffic in this case was supposed to be directed, or what the ultimate goal for the hackers was.
All it knows is that 300,000 routers were affected, mostly in Eastern Europe and Asia, and that the hack was run from just two IP addresses based in London, registered to a '3NT Solutions'.
Team Cymru added that the affected routers were vulnerable because they were not given regularly security patches -- the vulnerability is two years old, and most routers in the UK are able to prevent it.
The group said it was working with officials to trace the attack back to its origins, but said in the meantime the only way to protect against it was to ensure your router's security is up to date.
"This is a logical evolution from traditional botnet technology," Santorelli said, according to The Verge. "And one that now requires the vendors to fix, immediately."
The full report from Team Cymru will be available soon, according to the group's website.