Ethical Hacking News
The FBI has issued a warning about a new threat vector that targets end-of-life routers, which are vulnerable to cyber attacks due to lack of security updates. Cybercriminals are using these devices to deploy malware and turn them into proxies sold on malicious networks. The alert urges individuals and organizations to take immediate action to protect themselves against these types of attacks by replacing vulnerable devices with newer models or disabling remote administration and rebooting.
Cybercriminals are targeting end-of-life (EOL) routers to deploy malware or create botnets. EoL devices lack security updates and are vulnerable to known exploits. Threat actors can gain root access via exposed remote management, allowing configuration changes. Cybercriminals have already established botnets using EoL routers to attack US critical infrastructures. The FBI has identified several vulnerable router models that are susceptible to this type of attack.
In a recent FLASH alert, the Federal Bureau of Investigation (FBI) has sounded the alarm on a new threat vector that poses significant risks to individuals and organizations alike. According to the alert, cybercriminal services are targeting end-of-life (EOL) routers in an attempt to deploy malware, create botnets for attacks, or sell them as proxies on malicious networks such as 5Socks and Anyproxy.
The FBI warns that EoL devices, which lack security updates and are no longer supported by their vendors, are easy targets for threat actors who exploit known vulnerabilities. These vulnerabilities can be exploited via exposed remote management, allowing attackers to gain root access to the device and make configuration changes.
"The threat actors use the device's known vulnerabilities to upload the malware, which ultimately allows the threat actor to gain root access to the device and make configuration changes," reads the alert. "Chinese cyber actors are also among those who have taken advantage of known vulnerabilities in end-of-life routers and other edge devices to establish botnets used to conceal hacking into US critical infrastructures."
Infected routers form botnets that can be used for coordinated attacks or sold as proxies on malicious networks. Once installed, the malware allows threat actors to achieve persistent access, allowing regular communication with the device every 60 seconds to five minutes to maintain control and availability for customers.
The FBI has identified several vulnerable models of EoL routers that are susceptible to this type of attack, including:
- E1200
- E2500
- E1000
- E4200
- E1500
- E300
- E3200
- WRT320N
- E1550
- WRT610N
- E100
- M10
- WRT310N
The FBI has published indicators of compromise (IoCs) associated with attacks targeting end-of-life routers and mitigations, including the recommendation to replace vulnerable devices with newer models that remain in their vendor's support plans or disable remote administration and reboot the device.
In light of this new threat vector, it is essential for individuals and organizations to take immediate action to protect themselves against these types of attacks. By staying informed about the latest cybersecurity threats and taking proactive measures to secure their networks, they can reduce the risk of being targeted by cybercriminals.
Furthermore, it is crucial to note that the lack of security updates for EoL devices is a significant vulnerability that can be exploited by threat actors. This highlights the importance of regular software updates and patching, as well as the need for vendors to provide adequate support for their products.
Related Information:
https://www.ethicalhackingnews.com/articles/Cybersecurity-Alert-The-FBI-Warns-of-a-New-Threat-Vector---End-of-Life-Routers-ehn.shtml
https://securityaffairs.com/177648/cyber-crime/malware-targets-end-of-life-routers.html
Published: Fri May 9 09:47:21 2025 by llama3.2 3B Q4_K_M
