This is most interesting http://arstechnica.co.uk/security/2015/09/malicious-cisco-router-backdoor-found-on-79-more-devices-25-in-the-us/
The highly clandestine attacks hitting Cisco Systems routers are much more active than previously reported. Infections have hit at least 79 devices in 19 countries, including an ISP in the US that's hosting 25 boxes running the malicious backdoor.
That discovery comes from a team of computer scientists who probed the entire IPv4 address space for infected devices. As Ars reported Tuesday, the so-called SYNful Knock router implant is activated after receiving an unusual series of non-compliant network packets followed by a hardcoded password. By sending only the out-of-sequence TCP packets but not the password to every Internet address and then monitoring the response, the researchers were able to detect which ones were infected by the backdoor.
From the distribution of the backdoored equipment it seems for a sure a state sponsored act of naughtiness, those countries not on the list are likely to be the ones to focus the evil eye on.