FBI Warns of Hacker Attacks Exploiting Outdated Routers—Protect Your Network Today

FBI warns of cybercriminals targeting unpatched routers; tech expert Kurt “CyberGuy” Knutsson advises checking yours now.


For many people, keeping devices up-to-date with the latest patches and updates is second nature—at least when it comes to smartphones and laptops. However, network routers, often quietly tucked away and forgotten, tend to escape regular maintenance. This habit, experts warn, could have serious consequences for both individuals and businesses.

The Federal Bureau of Investigation (FBI) recently issued a stark warning about the growing risk posed by outdated routers. In a bulletin published in May 2025, the agency revealed that hackers are specifically targeting old, unpatched network devices—particularly those that no longer receive security updates. Once compromised, these routers can be hijacked by malware and forced to participate in clandestine cybercrime operations without their owners’ knowledge.

The FBI highlighted that devices manufactured around 2010 or earlier are especially susceptible. Vendors have long since stopped releasing firmware updates for these models, leaving well-documented security flaws wide open for attackers. According to the FBI’s May 7 announcement, cybercriminals have been using a variant of "TheMoon" malware to break into these abandoned routers, installing proxy services that let malicious actors mask the true origin of illegal online activities.

This process essentially turns home and small-office routers into “proxy nodes.” Through underground services like "5socks" and "Anyproxy," hackers sell access to compromised routers, enabling customers to disguise their own Internet traffic. In these schemes, the innocent owner’s device—and their IP address—can be used as a smokescreen for illicit acts, potentially exposing unsuspecting victims to blame for crimes they did not commit.

The FBI’s public service alert names specific router models known to be at risk, emphasizing that any device roughly a decade or more old, and out of security support, should be considered vulnerable. These legacy routers often contain security holes that were never patched, providing an easy entry point for modern cyber attackers.

Many attacks begin with routers that have exposed remote administration controls, visible from the Internet. Hackers frequently scan for such devices, exploiting unprotected firmware vulnerabilities—sometimes without even needing a password. A single malicious web request can trick older routers into installing malware, which then opens ports, disables firewall protections, and connects the device to command-and-control servers run by criminals.

One of the most prominent threats comes from TheMoon malware family. First detected in 2014, TheMoon initially targeted Linksys routers, but has since evolved into a sophisticated botnet tool. Infected routers are conscripted into anonymous proxy networks, shielding criminals’ identities. Underground platforms now market access to these compromised routers as “residential proxies,” highly prized for their ability to make malicious traffic appear legitimate.

For everyday users, a hijacked router can mean noticeably slower speeds, unexplained device disconnections, and heightened risk of phishing or spyware infections. Because criminals may use the victim’s IP address for illegal activity, there is also the prospect of facing unwarranted legal scrutiny. For businesses, outdated network hardware can facilitate deeper IT breaches, data theft, and even ransomware attacks. In critical infrastructure or sensitive industries, such exploits can lead to severe operational impact and regulatory penalties.

Given the serious implications, cybersecurity experts strongly recommend taking immediate steps to secure home and office networks. The following measures are especially important:

  • Replace unsupported routers: If your device is over five to seven years old or cannot be updated with recent firmware, replace it with a newer model that receives regular security updates.
  • Keep firmware updated: Periodically log in to your router’s control panel to check for and apply firmware updates from the manufacturer.
  • Disable remote access: Unless absolutely necessary, turn off settings like “Remote Management” or “WAN Access” to prevent external tampering.
  • Strengthen passwords: Change default admin credentials to strong, unique passwords, and consider using a password manager to keep them safe.
  • Monitor for suspicious activity: Watch for unexplained drops in speed or unfamiliar devices on your network, which may signal compromise.
  • Report incidents: If you suspect your router has been hacked, notify authorities through resources like the FBI’s Internet Crime Complaint Center (IC3).
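To verify the "Disable remote access" step, the following added example (not part of the FBI alert or the original article) tests whether a router's management services accept connections. The port list is an assumption based on commonly used router administration ports, and the address you pass in is your own router's public IP.

```python
import socket
import sys

# Assumed list of common router management ports (not taken from the FBI alert).
ADMIN_PORTS = {
    22: "SSH",
    23: "Telnet",
    80: "HTTP admin page",
    443: "HTTPS admin page",
    7547: "TR-069 (ISP remote management)",
    8080: "alternate HTTP admin page",
    8443: "alternate HTTPS admin page",
}


def reachable_ports(host, ports=ADMIN_PORTS, timeout=2.0):
    """Return the sorted list of ports on `host` that accept a TCP connection."""
    found = []
    for port in sorted(ports):
        try:
            # A completed handshake means something is listening on this port.
            with socket.create_connection((host, port), timeout=timeout):
                found.append(port)
        except OSError:
            # Refused, filtered or timed out: not reachable from here.
            pass
    return found


def report(host, ports=ADMIN_PORTS, timeout=2.0):
    """Return one human-readable finding per reachable management port."""
    return [
        f"{host}:{port} is reachable ({ports[port]}); disable remote management"
        for port in reachable_ports(host, ports, timeout)
    ]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python check_router.py <your-router-public-ip>")
    findings = report(sys.argv[1])
    print("\n".join(findings) if findings else "No management ports reachable.")
```

Run it from a connection outside your own network, such as a phone hotspot, against your router's public IP address. From inside the network the admin page is expected to respond, so a result there says nothing about Internet exposure.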


These recommendations underscore a broader challenge: much of the technology that powers our connectivity runs silently for years with little attention. While it may be convenient to forget about routers once they’re set up, the risks of neglect grow over time. Some observers suggest that manufacturers and service providers should shoulder more responsibility for support and security patching of legacy devices, but end-users also play a vital role in maintaining network hygiene.

As cybercriminals continue to exploit forgotten hardware, simple vigilance can make a world of difference. Regularly checking on devices that form the backbone of everyday connectivity may help prevent them from becoming silent accomplices to cybercrime.