A group of hackers has been taking over old, out-of-date routers to help them pull off cyberattacks, according to the FBI.
The agency identified 13 “end of life” internet routers mainly sold by Linksys under the Cisco brand that have come under attack. It also seized two websites, Anyproxy and 5Socks, which used the hijacked routers to offer “proxy services,” a method of rerouting internet traffic through external servers to mask users’ IP addresses.
The FBI alleges that Anyproxy and 5Socks sold their proxy services to “help cybercriminals hide their activities.” The sites have since been replaced with a Justice Department seizure notice.
The FBI’s alert lists the 13 vulnerable router models:
The affected routers no longer receive software support from their vendors, enabling hackers to exploit unpatched vulnerabilities. The hackers have been spreading a version of the “TheMoon” malware, which has targeted Wi-Fi routers since at least 2014.
“TheMoon does not require a password to infect routers; it scans for open ports and sends a command to a vulnerable script,” the FBI adds. “The malware contacts the command and control (C2) server and the C2 server responds with instructions, which may include instructing the infected machine to scan for other vulnerable routers to spread the infection and expand the network.”
The same malware can give hackers persistent access to the router and lead to the formation of a botnet, an army of infected computers capable of hosting malicious activity, including DDoS attacks.
The FBI’s alert includes indicators of compromise. But to fully address the threat, the agency is recommending users “replace compromised devices with newer models or prevent infection by disabling remote administration and rebooting the router.” So, affected customers might consider buying a router that receives regular security updates.
About Michael Kan
Senior Reporter
