FBI Warns Hackers Are Using End-of-Life Routers to Mask Their Tracks

The Federal Bureau of Investigation (FBI) has issued a stark warning to businesses and home users: cybercriminals are actively exploiting outdated, unsupported routers to hide their tracks and launch attacks, making these devices a favored tool for masking malicious operations.

According to a new security advisory released May 7, FBI investigators have observed a troubling spike in cyberattacks utilizing “end-of-life” (EOL) routers.

These devices, no longer supported with updates or security patches by their manufacturers, have become prime targets for hackers seeking to install malware and incorporate them into botnets.

Outdated Routers, Active Threats

The advisory highlights that criminal services such as 5Socks and Anyproxy are leveraging EOL routers by exploiting well-known vulnerabilities.

Once compromised, these routers can be remotely controlled and used as part of a proxy network, allowing bad actors to conceal their true identities and physical locations when conducting attacks worldwide, including targeting U.S. critical infrastructure.

A partial list of affected models includes popular household and small business routers such as the Linksys E1200, E2500, WRT320N, and E4200, among others.

“Once the attacker gains access, they install persistent malware, making the routers part of a global botnet,” the FBI noted.

“These are then rented out to other criminals as proxy devices, further obfuscating illegal activities from law enforcement scrutiny.”

Infiltration Techniques and Difficult Detection

Attackers gain entry by taking advantage of remote management features, often left enabled and sometimes inadequately secured.

Even password protection can be bypassed due to inherent flaws in the outdated software. After infiltrating, the malware communicates regularly with external command-and-control servers, ensuring the device remains under hacker control.

Detecting such infections is difficult for average users, as most commercially available antivirus software cannot scan routers for embedded threats.

The FBI provided technical details, including specific files and hashes linked to the current wave of attacks, but stressed that even experts may find detection and remediation challenging on unsupported devices.

The FBI is urging individuals and organizations to inventory their network equipment for EOL routers and replace them with newer models that receive regular security updates.

For those unable to immediately upgrade, disabling remote administration features and regularly rebooting the device can mitigate risk, though these are stopgap measures.

In addition, the FBI encourages anyone noticing unusual network activity or possible signs of compromise to report details to their local FBI Cyber Squad.

Rapid reporting, officials say, is vital for protecting the broader community and enabling timely disruption of criminal operations.
