Cyberattacks against "end-of-life" routers are increasing, warns the FBI

The FBI is sounding the alarm. In a press release published on May 7, 2025, the US federal police said they had observed a wave of cyberattacks against certain "end-of-life" routers. As the FBI explains, these are routers that no longer receive software and security updates.

The list of obsolete routers in hackers' sights

These old routers are, in fact, ideal targets for cybercriminals. An attacker only needs to exploit an unpatched vulnerability in the device to compromise it. The targets include several models marketed by Linksys and Cisco. Here is the full list provided by the FBI:

  • Linksys E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550
  • Linksys WRT320N, WRT310N, WRT610N
  • Cradlepoint E100
  • Cisco M10

Cybercriminals are using several botnets to compromise routers, including malware called TheMoon. According to the FBI, hackers are using different variants of the malware, which appeared more than a decade ago. It does not need the router's login or password to install itself. It scans for network entry points and exploits a vulnerable script to get in.

This malware allows cyber actors to install proxies on unsuspecting victims' routers and commit cybercrimes anonymously. Once the malware is installed, attackers retain permanent access to the device. They can then communicate with it regularly (every 60 seconds to 5 minutes) to ensure it remains infected and ready for use.

Once the router is under control, it is added to proxy networks like 5Socks and Anyproxy. All compromised routers act as relays, allowing hackers to orchestrate their crimes undetected. The website visited by the hacker does not record the hacker's "real IP address and instead records the proxy IP address", that is, the IP address of the compromised upstream router.

The FBI indicates that compromised routers are widely used for illegal activities, such as cryptocurrency theft. Chinese hackers also use them for espionage operations in the United States.

Change your router

There are several signs that a router has been hacked by a botnet. Often, the device starts to overheat or experiences network connection problems more and more frequently. The appearance of unknown administrator accounts and abnormal or excessive network traffic should also alert you.
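The regular check-in described above (every 60 seconds to 5 minutes) is one form of abnormal traffic a defender can look for in connection logs taken upstream of the router. The following is an added example, not code from the FBI notice or this article; the log format, addresses, `MIN_EVENTS` and `MAX_JITTER` are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

MIN_INTERVAL, MAX_INTERVAL = 60, 300  # check-in window stated in the article (seconds)
MIN_EVENTS = 5      # assumption: fewer connections than this is too little evidence
MAX_JITTER = 0.2    # assumption: allowed stdev/mean of the gaps between connections

def build_sample():
    """Constructed flow log, one 'epoch src dst port' per line (documentation IPs)."""
    wan = "192.0.2.10"  # hypothetical router WAN address
    lines = [f"{1000 + 120 * i + j} {wan} 203.0.113.7 8443"      # ~2 min check-in
             for i, j in enumerate([0, 3, -2, 4, 1, -3])]
    lines += [f"{t} {wan} 198.51.100.20 443"                      # bursty browsing
              for t in (1005, 1011, 1400, 1402, 1800, 1810)]
    lines += [f"{1000 + 3600 * i} {wan} 198.51.100.53 123"        # hourly, too slow
              for i in range(6)]
    lines.append("truncated line")                                # malformed entry
    return "\n".join(lines)

def parse(log):
    """Group connection timestamps by (src, dst, port), skipping malformed lines."""
    flows = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue
        ts, src, dst, port = parts
        flows[(src, dst, port)].append(int(ts))
    return flows

def find_beacons(log):
    """Return [(flow, mean_gap_seconds)] for flows that repeat at a steady 60-300 s."""
    hits = []
    for flow, times in parse(log).items():
        if len(times) < MIN_EVENTS:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if not MIN_INTERVAL <= avg <= MAX_INTERVAL:
            continue
        # Average alone is not enough: bursty traffic can average into the window.
        if pstdev(gaps) / avg <= MAX_JITTER:
            hits.append((flow, round(avg)))
    return hits

if __name__ == "__main__":
    for flow, gap in find_beacons(build_sample()):
        print("steady repeat:", flow, f"every ~{gap}s")
```

A flow reported here is a lead to investigate rather than proof of infection, since legitimate services such as cloud management agents also poll on fixed timers.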

If possible, take the time to install the latest update released by the manufacturer on all your routers. If no update is available, you should replace your router with a newer device. This is the only way to protect yourself against cyberattacks. If you can't replace your router, "log into your router settings and disable remote management/remote administration," the FBI recommends.

Source: FBI
