The Federal Bureau of Investigation (FBI) has issued a warning about the increasing exploitation of end-of-life (EoL) routers by cybercriminals. These outdated devices no longer receive critical security updates from vendors and are being turned into proxies for malicious activities, according to a recent advisory.
Cybercriminals are reportedly deploying malware on these vulnerable routers and integrating them into residential proxy botnets. The compromised routers then facilitate a variety of illicit operations, obscuring the identities of the attackers as they engage in activities such as cryptocurrency theft and cybercrime-for-hire. As noted in the FBI advisory, “criminals are selling access to compromised routers as proxies for customers to purchase and use.”
Prominent models targeted by these attacks include several old Linksys and Cisco routers, which are particularly susceptible due to known security flaws. Among the commonly exploited models, the advisory lists the Linksys E1200 and E2500, as well as the Cisco M10, all of which have become prime targets for such exploitation.
Moreover, the FBI indicates that state-sponsored actors have been exploiting these vulnerabilities not just for cybercrime but for espionage operations aimed at critical U.S. infrastructure. The agency highlights a concerning trend where compromised routers have shown up in operations associated with a variant of malware known as “TheMoon.” This software allows attackers to install proxies on infected routers to enhance their operational secrecy.
To mitigate these risks, the FBI strongly advises consumers to replace EoL routers with newer devices that receive regular security updates. If replacement is not feasible, it recommends updating the firmware from the vendor’s official site, changing default login credentials, and disabling remote administration features to reduce exposure to potential botnet infections.