FBI Warns: End-of-Life Routers Exploited for Cybercrime
It might be a good opportunity to look at your EOL home router to ensure that you are not compromised by "TheMoon".
The US Federal Bureau of Investigation (FBI) has issued a warning regarding the increasing exploitation of end-of-life (EoL) routers by cybercriminals. These outdated devices are being compromised and integrated into proxy networks, effectively masking the identities and locations of malicious actors. According to the FBI, threat actors are deploying malware, including variants of "TheMoon," on these vulnerable routers, converting them into proxies that are subsequently offered for sale on platforms such as 5Socks and Anyproxy. This allows cybercriminals to conduct a range of illegal activities with a significantly reduced risk of detection and attribution.
The FBI has specifically identified certain Linksys and Cisco router models as frequent targets in these attacks. Some of the Linksys models include:
E1200
E2500
E1000
E4200
E1500
E300
E3200
WRT320N
E1550
WRT610N
E100
M10
WRT310N
There is also evidence linking Chinese state-sponsored actors to the exploitation of vulnerabilities within these routers for espionage purposes, highlighting the severity and scope of this issue.
The malware typically deployed on these routers is known as "TheMoon." It is designed to configure the compromised routers as proxies, enabling cybercriminals to perform various illicit operations anonymously. These operations can include, but are not limited to, fraudulent transactions, distribution of malware, and other forms of cyberattacks.
Mitigating the Risks Associated with EoL Routers
The continued use of end-of-life routers poses a significant security risk. The FBI strongly advises users to take the following steps to mitigate these risks:
Replace EoL Routers: The most effective measure is to replace outdated routers with newer models that receive regular security updates.
Apply Firmware Updates: Ensure that your router's firmware is updated to the latest version. These updates often include critical security patches that address known vulnerabilities.
Change Default Credentials: Default usernames and passwords should always be changed to strong, unique credentials.
Disable Remote Administration: Unless absolutely necessary, remote administration access to your router should be disabled to prevent unauthorized access.
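The four steps above can be turned into a routine audit. The following script is an added example, not part of the FBI notice or this article: it triages a small router inventory against the model list given above and the three configuration checks (firmware age, remote administration, default credentials). The inventory records, the hostnames, and the 365-day "stale firmware" threshold are constructed assumptions; the model names are the ones the article lists.

```python
import re
from datetime import date

# Base model names the FBI notice names as frequent targets (taken from the article).
FBI_LISTED_MODELS = {
    "E1200", "E2500", "E1000", "E4200", "E1500", "E300", "E3200",
    "WRT320N", "E1550", "WRT610N", "E100", "M10", "WRT310N",
}

# Assumed threshold: firmware older than this many days is treated as stale.
STALE_FIRMWARE_DAYS = 365

# Pulls the base model token (e.g. "E2500", "WRT610N", "M10") out of a free-text
# label, ignoring vendor prefixes such as "Linksys" and hardware revisions such as "v3".
_MODEL_RE = re.compile(r"\b(WRT\d+N|E\d+|M10)\b", re.IGNORECASE)


def normalize_model(label):
    """Return the base model name in upper case, or None if no known pattern matches."""
    m = _MODEL_RE.search(label)
    return m.group(1).upper() if m else None


def audit_router(rec, today):
    """Apply the four mitigation checks to one inventory record.

    Returns a list of (action, reason) tuples, in priority order.
    """
    findings = []

    # 1. Replace EoL routers: flag anything on the FBI target list.
    model = normalize_model(rec["model"])
    if model in FBI_LISTED_MODELS:
        findings.append(("replace", f"{model} is on the FBI list of targeted EoL models"))

    # 2. Apply firmware updates: flag firmware older than the assumed threshold.
    age_days = (today - rec["firmware_date"]).days
    if age_days > STALE_FIRMWARE_DAYS:
        findings.append(("update", f"firmware is {age_days} days old"))

    # 3. Disable remote administration: flag WAN-side management interfaces.
    if rec["remote_admin"]:
        findings.append(("disable_remote_admin", "remote (WAN-side) administration is enabled"))

    # 4. Change default credentials: flag devices still on factory credentials.
    if not rec["credentials_changed"]:
        findings.append(("change_credentials", "factory default credentials are still in use"))

    return findings


def audit_inventory(inventory, today=None):
    """Audit every record; returns {hostname: [(action, reason), ...]}."""
    today = today or date.today()
    return {rec["hostname"]: audit_router(rec, today) for rec in inventory}


# Constructed sample inventory (hypothetical hosts, dates and settings).
SAMPLE_INVENTORY = [
    {"hostname": "home-gw", "model": "Linksys E2500 v3",
     "firmware_date": date(2019, 1, 15), "remote_admin": True, "credentials_changed": False},
    {"hostname": "branch-gw", "model": "Linksys MR9600",
     "firmware_date": date(2025, 3, 1), "remote_admin": False, "credentials_changed": True},
    {"hostname": "lab-gw", "model": "Cisco WRT310N",
     "firmware_date": date(2024, 12, 1), "remote_admin": False, "credentials_changed": True},
]


if __name__ == "__main__":
    for host, findings in audit_inventory(SAMPLE_INVENTORY, date(2025, 5, 10)).items():
        status = "OK" if not findings else "; ".join(f"{a}: {r}" for a, r in findings)
        print(f"{host:12s} {status}")
```

A router that lands on the "replace" line should be retired rather than merely patched: the other three findings reduce exposure in the meantime, but an EoL device will not receive the firmware fixes the second step depends on.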
The exploitation of end-of-life routers represents a serious and evolving threat. By taking proactive measures to secure their networks, users can significantly reduce their vulnerability to these types of attacks. The FBI's warning underscores the importance of maintaining vigilant cybersecurity practices and promptly addressing the risks associated with outdated hardware.