FBI Sounds Alarm Over Hacked Old Routers Used in Cybercrime Proxy Networks
The FBI has issued a fresh warning over old internet routers being hijacked and sold as tools in underground cybercrime markets — and the threat is a lot closer to home than most realize.
Thousands of outdated routers, many still humming quietly in households and small businesses, are being turned into silent accomplices in criminal schemes. The culprits? Hackers leveraging known security holes to inject malware that turns these devices into rented digital disguises for cyber crooks.
Cybercrime Is Getting Cozy With Your Old Router
If you’re still using that dusty Linksys or Cisco router from a decade ago, the FBI says you might unknowingly be part of a crime operation.
The agency’s new Flash advisory reveals that end-of-life (EoL) routers — devices no longer supported by their manufacturers — are being actively targeted. Hackers are infecting them with malware and adding them to proxy botnets like 5Socks and Anyproxy. In plain terms, your old Wi-Fi box could now be someone’s passport to commit digital crimes.
“These proxies can be used by threat actors to obfuscate their identity or location,” the FBI explains. Translation: crooks are hiding behind your IP address while launching cyberattacks or running scams.
Here’s What They’re Targeting — And Who’s Behind It
Not just any router will do. The attackers have been particularly focused on aging models from Linksys, Cradlepoint, and Cisco. These units stopped receiving security updates years ago, making them easy prey.
- Linksys models: E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550
- More Linksys: WRT320N, WRT310N, WRT610N
- Cradlepoint: E100
- Cisco: M10
But it’s not just random crooks poking around the internet. The FBI says Chinese state-sponsored hackers have also taken interest, exploiting known software holes (referred to as “n-day” vulnerabilities) for stealth espionage campaigns. This even includes potential hits on U.S. critical infrastructure.
TheMoon Malware Makes a Comeback
Some of the infected routers are being hit with a fresh variant of a malware strain called “TheMoon.”
It’s not a new name in cybersecurity circles. TheMoon has been bouncing around since at least 2014. But the FBI says new variants have emerged, now tailored to hijack old routers and set them up as proxy nodes.
Once infected, these routers connect back to command-and-control (C2) servers. From there, the compromised device gets marching orders — usually scanning for other vulnerable systems, or acting as a mask for criminal activities.
You might not notice anything at first. But there are clues.
How to Know If Your Router’s Been Compromised
The signs are easy to miss. A bit more lag here. A slower connection there. Maybe your device feels a little too warm.
According to the FBI, here’s what you might spot if your router is caught in a botnet:
- Random connection drops
- Slower internet speeds
- Device overheating
- Mysterious changes to settings
- Unknown admin users suddenly appearing
- Weird traffic on your network
Don’t ignore those signs. That lag could be hiding something far more sinister.
Who’s Buying These Proxies — And Why?
It’s a lucrative market. Criminals are now essentially renting hacked routers as anonymous proxies. Why? Because it’s much harder to trace stolen crypto or illegal web traffic back to the real actor if it’s going through a random residential router.
This isn’t just about spam or phishing emails.
Table: Common Uses of Hacked Proxies on 5Socks & Anyproxy
Criminal Activity | Purpose of Proxy Use |
---|---|
Cryptocurrency theft | Hiding real IPs during wallet access or theft |
Cybercrime-for-hire services | Offering anonymous operations to customers |
Fraudulent financial activity | Making scam transactions harder to trace |
Espionage and surveillance | Shielding state actors’ movements online |
FBI’s Advice: Replace or Risk It
Let’s be real: replacing a router isn’t on most people’s to-do list. But maybe it should be.
The FBI strongly urges folks to upgrade from EoL routers to modern, supported hardware. That’s the safest path. If you absolutely can’t replace the device right now, there are still some steps you can take:
- Download the latest firmware (yes, even old models still have some updates)
- Disable remote administration features
- Change default admin passwords — immediately
- Monitor for strange activity on your home network
And whatever you do, stop ignoring that blinking light that’s been acting weird for weeks. It’s probably trying to tell you something.