The FBI has issued an urgent warning to Americans still using older router models, as Russian hackers have successfully hijacked thousands of devices, turning them into secret gateways for cybercrime operations worth over $46 million.
Quick Takes
- Russian hackers have compromised at least 13 outdated router models, primarily older Linksys devices, to create a massive botnet
- The cybercriminal operation sold access to hijacked routers through services called Anyproxy.net and 5Socks.net, generating over $46 million in illegal revenue
- Four individuals (three Russians and one Kazakhstani) have been charged in connection with the scheme
- “End-of-life” routers no longer receive security updates, making them permanently vulnerable to attacks
- The FBI recommends replacing vulnerable routers entirely rather than attempting to secure outdated equipment
Old Routers, New Threats: The “TheMoon” Malware Campaign
Federal authorities have identified a sophisticated cyber operation targeting outdated home routers across America. At the center of this campaign is “TheMoon” malware, which has been actively exploiting vulnerabilities in Wi-Fi routers since 2014. The malware is particularly dangerous because it doesn’t require password access and can rapidly spread by scanning networks for open ports and sending commands to vulnerable scripts. Most concerning for homeowners, the infection operates silently in the background, making detection difficult for average users.
The FBI’s warning specifically identified 13 vulnerable router models, primarily older Linksys devices that were sold under the Cisco brand during the 2000s and early 2010s. These devices have reached what the agency terms “end-of-life” status, meaning manufacturers no longer provide critical security updates or patches that would protect against newly discovered vulnerabilities. Without this ongoing protection, these routers have become prime targets for cybercriminals looking for easy entry points into home networks.
Your old router isn’t just outdated—it might be a silent accomplice. FBI warns criminals are hijacking end-of-life routers to hide their tracks. Time to check your hardware. #CyberSecurity #FBI #InfoSec https://t.co/XOe5XXXRVg
— Babak Nabiee (@BabakNabiee) May 7, 2025
Russian Hackers Charged in $46 Million Scheme
The investigation has led to serious charges against four individuals – three Russians and one Kazakhstani national – who allegedly orchestrated the massive router hijacking operation. According to federal prosecutors, the group infected thousands of older wireless internet routers worldwide, creating a botnet that could be rented out to other criminals. They then monetized this network by selling access through two services: Anyproxy.net and 5Socks.net, which allowed customers to route their internet traffic through the compromised routers.
“The indictment alleges that a botnet was created by infecting older-model wireless internet routers worldwide, including in the United States, using malware without their owners’ knowledge,” said a statement from the Department of Justice.
This operation proved enormously profitable for the criminal enterprise. “The defendants are believed to have amassed more than $46 million from selling access to the infected routers that were part of the Anyproxy botnet,” federal officials reported. The services allowed other criminals to mask their true locations when conducting illicit activities online, effectively using innocent Americans’ home networks as digital shields for criminal operations ranging from fraud to cyberattacks.
Warning Signs and Recommendations
Detecting a compromised router can be challenging for most users. The FBI has advised that signs of infection may include unexpected router overheating, connectivity issues, or unauthorized changes to network settings. However, “because the malware is router-based,” said the FBI, “it can be more difficult for users to notice when something is wrong.” The remote administration features pre-installed on many older routers represent a significant vulnerability, providing backdoor access even when seemingly protected by passwords.
The FBI’s recommendation is clear and decisive: replace vulnerable routers entirely rather than attempting to secure outdated equipment. For those who cannot immediately replace their equipment, temporary protective measures include disabling remote administration features and performing a complete router reboot to clear any existing malware. The agency also advises reporting any suspicious network activity to local FBI field offices to help track and combat these ongoing threats to American cybersecurity.