A widespread cyber attack has compromised several hundred thousand wireless routers in Europe and Asia, with a large majority of the affected devices located in Vietnam, according to a report from Internet security research firm Team Cymru.
The report, titled “Growing Exploitation of Small Office Routers Creating Serious Risks”, said consumer-grade small office / home office (SOHO) routers are the victims of a large-scale pharming campaign.
Pharming is a cyber attack intended to redirect a website's traffic to another, bogus site.
The security firm said its report, released on Thursday, detailed the latest campaign in a growing trend it has observed of cyber criminals targeting SOHO routers.
Team Cymru’s Enterprise Intelligence Services have so far identified over 300,000 devices, predominantly in Europe and Asia, which they believe have been compromised since mid-December 2013.
“Our analysis indicated that a large majority of affected routers resided in Vietnam,” the report said, adding other top countries affected included India, Italy and Thailand.
“Attackers are altering the DNS configuration on these devices in order to redirect victims’ DNS requests and subsequently replace the intended answers with IP addresses and domains controlled by the attackers.”
Affected devices had their DNS settings changed to use the IP addresses 5.45.75.11 and 5.45.75.36.
By doing so, the attackers are able to conduct a man-in-the-middle attack against every device behind the router.
A man-in-the-middle attack is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
“Cyber criminals are turning to new methods to achieve their desired goals, without gaining access to victims’ machines directly,” Team Cymru said.
The affected devices are vulnerable to multiple exploit techniques, and many cyber crime participants have become accustomed to purchasing bots, exploit servers and other infrastructure as managed services from other criminals.
According to the company, SOHO-type wireless routers are “a very attractive target for cyber criminals” because most consumers are unfamiliar with configuring these devices, and because of “frequently insecure default settings, backdoors in firmware, and commodity-level engineering standards.”
The report also indicates that the compromise is not limited to a single manufacturer, with a range of router models from several manufacturers apparently compromised.
“As with the DNSChanger malware, unwitting victims are vulnerable to a loss of service if the malicious servers are taken down, as both primary and secondary DNS IP addresses are overwritten, complicating mitigation,” it warned.
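The detection a network administrator would want from this report is a check of which resolvers a router is actually handing out, so the two attacker addresses named above can be spotted and the “both primary and secondary overwritten” case flagged separately, since that is the one where taking the malicious servers down leaves users without working DNS. The following is an added example written for this article, not code from Team Cymru or the report; the two IP addresses are the ones quoted above, while the resolv.conf-style input format, the optional list of trusted resolvers, and the 192.0.2.x sample addresses (RFC 5737 documentation range) are assumptions and constructed placeholders.

```python
import ipaddress

# Resolver addresses the report says the compromised routers were pointed at
# (taken from the article above, not invented here).
KNOWN_MALICIOUS_DNS = frozenset({"5.45.75.11", "5.45.75.36"})


def parse_nameservers(config_text):
    """Extract resolver IPs from resolv.conf-style text ("nameserver <ip>" lines).

    Assumed input format. Comments and lines without a valid IP address are
    ignored so a malformed dump cannot crash the check.
    """
    servers = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.lower().startswith("nameserver"):
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            servers.append(str(ipaddress.ip_address(parts[1])))
        except ValueError:
            continue  # not an IP address; skip rather than fail the whole check
    return servers


def assess_dns_settings(servers, trusted=()):
    """Compare configured resolvers against the known-bad set.

    `trusted` is an optional allow-list (e.g. the ISP's resolvers) supplied by
    the operator; anything outside it that is not a known-bad address is
    reported as "unexpected" for manual review.
    """
    servers = list(servers)
    flagged = [s for s in servers if s in KNOWN_MALICIOUS_DNS]
    trusted_set = set(trusted)
    unexpected = []
    if trusted_set:
        unexpected = [s for s in servers
                      if s not in trusted_set and s not in KNOWN_MALICIOUS_DNS]
    # The report's loss-of-service warning applies when every resolver slot
    # (primary and secondary) points at the attackers' servers.
    all_hijacked = bool(servers) and all(s in KNOWN_MALICIOUS_DNS for s in servers)
    return {
        "servers": servers,
        "flagged": flagged,
        "unexpected": unexpected,
        "compromised": bool(flagged),
        "all_resolvers_hijacked": all_hijacked,
    }


# Constructed sample: a router handing out the attackers' resolvers.
SAMPLE_HIJACKED = """# DNS servers as reported by the router
nameserver 5.45.75.11
nameserver 5.45.75.36
"""

# Constructed sample: clean ISP resolvers (placeholder documentation addresses).
SAMPLE_CLEAN = """nameserver 192.0.2.53
nameserver 192.0.2.54
"""

if __name__ == "__main__":
    for label, text in (("hijacked", SAMPLE_HIJACKED), ("clean", SAMPLE_CLEAN)):
        result = assess_dns_settings(parse_nameservers(text),
                                     trusted=["192.0.2.53", "192.0.2.54"])
        print(label, result)
```

Run the script against a dump of the router's DNS settings (or a host's resolver configuration, if the router is the DHCP server) and treat any `compromised` result as a reason to reset the router's DNS configuration and change its administrative credentials; `all_resolvers_hijacked` identifies the devices that will lose name resolution entirely if the malicious resolvers are taken offline.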