The FBI has issued a cybersecurity alert calling attention to a growing threat from criminals who exploit end-of-life (EOL) routers.
The alert underscores the vulnerabilities inherent in devices no longer supported by manufacturers, leaving hackers with open doors into old routers.
Routers are the guardians of the home’s infrastructure, but they are often relegated to a corner to gather dust for years. Newer routers can upgrade themselves with the latest security releases, but older ones can’t. And since people rarely remember that routers also need updates to keep them secure, these devices become prime targets for hackers.
This problem is compounded by the fact that after years of neglect, in which routers diligently do their job, they reach end of life. This means manufacturers no longer support them. So, even if users want to secure their devices by applying the latest update, they can’t.
According to the FBI, threat actors use malware such as "5Socks" and "Anyproxy" to target routers that are past their support lifecycle, exploiting known vulnerabilities through remote management software that comes pre-installed on these devices. These vulnerabilities let attackers install malware, establish botnets, and sell proxy services to other criminal enterprises.
Routers identified explicitly as vulnerable in the FBI notification include models from Linksys such as E1200, E2500, E1000, E4200, E1500, E300, E3200, WRT320N, E1550, WRT610N, E100, M10, and WRT310N.
Once a router is compromised, attackers gain persistent root access, which lets them keep control of the devices. The malware often communicates with command and control servers, performs check-ins every 60 seconds to five minutes, and maintains continuous availability for malicious use as proxies.
For instance, attackers use these routers to intercept personal information such as login credentials, financial data, or confidential communications. Additionally, compromised routers can be used to launch Distributed Denial of Service (DDoS) attacks against other networks.
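The check-in behavior described above, where a compromised router contacts its command and control server every 60 seconds to five minutes, leaves a regular pattern in network flow logs. The following Python is an added example, not part of the FBI alert or the original article; the flow record format, thresholds, function names, and documentation-range IP addresses are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev


def sample_flows():
    """Constructed sample records: (epoch_seconds, source_ip, destination_ip)."""
    flows = []
    # Router contacting one destination roughly every 120 s with small jitter.
    for i, jitter in enumerate([0, 2, -1, 3, 0, -2, 1, 0]):
        flows.append((1000 + i * 120 + jitter, "192.0.2.1", "203.0.113.10"))
    # Laptop with bursty, human-driven traffic (average gap falls in range,
    # but the gaps are far from regular).
    for ts in [1005, 1011, 1300, 1302, 1950, 2600, 2604, 2700]:
        flows.append((ts, "192.0.2.50", "198.51.100.7"))
    # Device with a perfectly regular but hourly check, outside the window.
    for i in range(6):
        flows.append((1000 + i * 3600, "192.0.2.60", "198.51.100.9"))
    return flows


def find_beacons(flows, min_interval=60, max_interval=300,
                 max_jitter=0.10, min_events=6):
    """Return (src, dst, mean_gap_seconds) for source/destination pairs whose
    connections recur at a steady interval inside the 60 s to 5 min window."""
    by_pair = defaultdict(list)
    for ts, src, dst in flows:
        by_pair[(src, dst)].append(ts)

    hits = []
    for (src, dst), times in sorted(by_pair.items()):
        if len(times) < min_events:
            continue  # too few connections to judge periodicity
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if not min_interval <= avg <= max_interval:
            continue
        # Coefficient of variation: low values mean machine-like regularity.
        if pstdev(gaps) / avg <= max_jitter:
            hits.append((src, dst, round(avg)))
    return hits


if __name__ == "__main__":
    for src, dst, gap in find_beacons(sample_flows()):
        print(f"{src} -> {dst}: steady check-in about every {gap} s")
```

A hit is only a lead for investigation: legitimate services such as telemetry or keep-alives can also produce steady intervals in this range.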
The FBI released Indicators of Compromise (IoCs), including specific file hashes associated with the malware:
These hashes correspond to specific exploit scripts and files used in recent campaigns.
The FBI strongly recommends that users identify and immediately replace vulnerable EOL routers with current, supported models.
If immediate replacement isn't feasible, the following mitigations are critical:
Silviu is a seasoned writer who has followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.