The FBI warns that end-of-life (EoL) routers are being compromised with malware and turned into proxies for malicious activity through networks such as 5Socks and Anyproxy. Threat actors, including Chinese state-sponsored hackers, exploit known vulnerabilities in these devices to conduct espionage and cybercrime and to facilitate illegal operations. (Affected: critical infrastructure, individual users, organizations using outdated routers)
Key points:
- Threat actors are deploying malware on outdated routers to turn them into proxies for cybercriminal activities.
- Publicly available exploits are used to compromise vulnerable EoL routers, which no longer receive security updates.
- The compromised routers are added to proxy botnets sold via networks like 5Socks and Anyproxy.
- Chinese state-sponsored actors have exploited these vulnerabilities for espionage, including targeting critical U.S. infrastructure.
- Many routers are infected with a variant of the “TheMoon” malware, which lets the attackers remotely configure them as proxies.
- Signs of compromise include network disruptions, unusual traffic, configuration changes, and rogue admin accounts.
- Mitigation measures include replacing outdated routers, updating firmware, changing default credentials, and disabling remote admin features.
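One way to check a router for the indicators listed above, as an added example (not code from the FBI advisory or any vendor tool): it compares a current configuration export against a baseline captured when the device was known-good and flags rogue admin accounts, remote administration, default credentials and other configuration drift. The JSON snapshots and their field names are constructed assumptions; adapt them to the router's actual export format.

```python
"""Audit a router configuration snapshot against a known-good baseline."""
import json

# Constructed sample: baseline saved right after the router was set up.
BASELINE = json.loads("""{
  "firmware": "1.0.3",
  "admin_users": ["admin"],
  "remote_admin": false,
  "dns_servers": ["9.9.9.9"],
  "admin_password": "Xk7#pL9q!"
}""")

# Constructed sample: a later export showing the warning's signs of compromise.
CURRENT = json.loads("""{
  "firmware": "1.0.3",
  "admin_users": ["admin", "support1"],
  "remote_admin": true,
  "dns_servers": ["203.0.113.5"],
  "admin_password": "admin"
}""")

# Common factory-default values; extend with the vendor's documented defaults.
DEFAULT_PASSWORDS = {"admin", "password", "1234", ""}


def audit(current, baseline):
    """Return a list of human-readable findings; an empty list means no drift."""
    findings = []
    # Rogue admin accounts: any account not present in the baseline.
    rogue = sorted(set(current.get("admin_users", [])) - set(baseline.get("admin_users", [])))
    if rogue:
        findings.append(f"rogue admin account(s): {', '.join(rogue)}")
    # Remote administration should stay disabled on a home/SOHO router.
    if current.get("remote_admin"):
        findings.append("remote administration is enabled")
    # Default or empty credentials are what public exploits and scanners try first.
    if current.get("admin_password") in DEFAULT_PASSWORDS:
        findings.append("admin password is a default/weak value")
    # Generic drift check for every other key (e.g. DNS servers silently redirected).
    for key in sorted(set(baseline) | set(current)):
        if key in ("admin_users", "admin_password"):
            continue  # already covered by the targeted checks above
        if baseline.get(key) != current.get(key):
            findings.append(f"config changed: {key}: {baseline.get(key)!r} -> {current.get(key)!r}")
    return findings


if __name__ == "__main__":
    for line in audit(CURRENT, BASELINE):
        print(line)
```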