Look for malicious tasks in /system script and /system scheduler .
For years, MikroTik backups were stored in a format that was relatively easy to decode if an attacker gained access to the file. Specifically, vulnerabilities like CVE-2018-14847 allowed attackers to remotely skip authentication and download the user.dat file. mikrotik backup patched
Instructions on how to your router without exposing it to attacks. Look for malicious tasks in /system script and
Storing a backup on the router itself is a risk. If the router is compromised, the backup is too. mikrotik backup patched
Ensure both the and the RouterBOARD firmware (under /system routerboard ) are updated.