According to researchers at Bad Packets, hackers have been running a hijacking campaign which is targeting older versions of D-Link’s home routers. These routers are older units, typically used in DSL customer homes. The models include:
D-Link DSL-2640B, D-Link DSL-2740R, D-Link DSL-2780B, D-Link DSL-526B, D-Link DSL-2640B, D-Link DSL-2740R, D-Link DSL-2780B, D-Link DSL-526B, ARG-W4 ADSL routers, DSLink 260E routers, Secutech routers, and TOTOLINK routers
If you’re running one of these models, it’s a very good idea to upgrade to something more current. Also, be sure that whatever router (or any other equipment) you’re running doesn’t have the default username/password combination that the unit shipped with from the factory.
If you’re a bit tech savvy, you can look at your router’s DNS settings to see if they have been tampered with. Generally your DNS entries will be set to your ISP’s DNS servers, or some other well known DNS server. If your DNS server settings are set to 188.8.131.52, 184.108.40.206, 220.127.116.11 or 18.104.22.168, you may have been compromised, and should change them immediately. F-Secure provides a free tool, located here, which can assist you in determining whether or not you may have been compromised.
More information can be found here: https://www.zdnet.com/article/hacker-group-has-been-hijacking-dns-traffic-on-d-link-routers-for-three-months/