For more detail see here, but the story in essence is that there was a vulnerability fixed in 2018 which allowed an attacker with access to the "Winbox" management port to discover login details. There is no indication of any new vulnerability but the current attack could be using passwords learned pre-2018 and not subsequently changed, or configuration added at that time (or copied from an older router) as well as routers still running the vulnerable code.
Although I'm completely confident none of mine could ever have been accessed from outside my network, I still spent the five minutes required to check them.
https://blog.qrator.net/en/meris-botnet-climbing-to-the-record_142/https://blog.mikrotik.com/security/meris-botnet.html
