Your old router is likely to hide cybercriminals – FBI urges replacing it


The Federal Bureau of Investigation (FBI) warns that hackers abuse old router models to proxy their attacks and hide their tracks. Thirteen vulnerable end-of-life Linksys models were listed as an easy target for cybercriminals.

The FBI urges users to replace routers that have reached the end of their life. They no longer receive security patches and software updates, and cybercriminals abuse the devices to proxy their attacks.

“Routers dated 2010 or earlier likely no longer receive software updates issued by the manufacturer and could be compromised by cyber actors exploiting known vulnerabilities,” the FBI said.


In the recent campaign, threat actors breached end-of-life routers using variants of TheMoon malware.

“This malware allows cyber actors to install proxies on unsuspecting victim routers and conduct cyber crimes anonymously,” the advisory reads.

Think of a proxy server as a system that acts as a gateway to reach the internet. Its IP address is exposed to the servers to which it sends requests. When hackers have access to users’ routers, they can hide their real IP behind users’ IP addresses.

“It is an intermediary between end-users and the web pages they visit online. A proxy is a service that relays users' Internet traffic while hiding the link between users and their activity,” the FBI explains.

Routers with remote administration turned on are the most vulnerable: cybercriminals can access their web administration panel from the internet, which makes deploying malware easier.

Hackers then use compromised routers to sell proxy services to other cybercriminals, who specialise in stealing cryptocurrency, contracting illegal services, and conducting other criminal activities.

TheMoon malware was first discovered on compromised routers in 2014. It doesn’t require a password to infect routers; instead, it scans for open ports and sends a malicious command. It then waits for instructions from the command and control server.

Attackers have been observed launching coordinated attacks through at least thirteen device models listed by the FBI. All of them appear to be old Linksys devices, as follows:

  • E1200
  • E2500
  • E1000
  • E4200
  • E1500
  • E300
  • E3200
  • WRT320N
  • E1550
  • WRT610N
  • E100
  • M10
  • WRT310N

The FBI urges users to replace outdated devices with newer models that remain supported. Alternatively, users should disable remote administration and reboot the device. It’s recommended to immediately apply any available security patches and firmware updates, as well as use strong and unique passwords of at least 16 characters.


Users who suspect their routers have been hacked can file a complaint with the FBI Internet Crime Complaint Center.
