Up to 300,000 routers worldwide may be compromised in a new attack, according to researchers.
A report from Team Cymru states the organization has identified over 300,000 compromised devices, "predominantly in Europe and Asia, which we believe have been compromised as part of this campaign, one which dates back to at least mid-December of 2013." The team noticed that routers, including those made by D-Link, Micronet, Tenda, TP-Link, and others, had their DNS settings changed to use the IP addresses 220.127.116.11 and 18.104.22.168.
According to Ars Technica, the hacks may include "a recently disclosed cross-site request forgery (CSRF) that allows attackers to inject a blank password into the Web interface of TP-Link routers. Other attack techniques may include one that allows wireless WPA/WPA2 passwords and other settings to be remotely changed."
Ars Technica has an excellent write-up about this.