Security Affairs

Cybercriminal services target end-of-life routers, FBI warns

The FBI warns that attackers are using end-of-life routers to deploy malware and turn them into proxies sold on 5Socks and Anyproxy networks.

The FBI released a FLASH alert warning about the 5Socks and Anyproxy malicious services, which target end-of-life (EOL) routers. Attackers exploit vulnerabilities in EOL devices to deploy malware and build botnets used for attacks or proxy services. The alert urges replacing compromised routers or preventing infection by disabling remote admin and rebooting.

EOL routers no longer receive security updates, which makes them easy targets for threat actors who exploit known vulnerabilities, often via exposed remote management.

“The threat actors use the device’s known vulnerabilities to upload the malware, which ultimately allows the threat actor to gain root access to the device and make configuration changes,” reads the alert. “Chinese cyber actors are also among those who have taken advantage of known vulnerabilities in end of life routers and other edge devices to establish botnets used to conceal hacking into US critical infrastructures.”

Infected routers form botnets used in coordinated attacks or sold as proxies on 5Socks and Anyproxy.

Once installed, the malware gives threat actors persistent access: it communicates with the device every 60 seconds to five minutes to maintain control and keep the device available for customers.

The malware spreads through internet-connected devices that have remote access enabled, and attackers can gain shell access even when the device is password protected.

The malware uses a two-way handshake with a C2 server for regular check-ins and opens ports on the router to enable its use as a proxy server.
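A defender-side check for the check-in pattern described above, as an added example that is not from the FBI alert or the original article: it scans a constructed flow log for source/destination pairs whose connection gaps mostly fall in the 60-second to five-minute window. The CSV log format, the addresses, the thresholds and the function names are all assumptions.

```python
import csv
import io
from collections import defaultdict
from statistics import median

# Constructed sample flow log: epoch_seconds,src_ip,dst_ip,dst_port.
# Destinations are documentation addresses, not indicators from the alert.
SAMPLE_FLOWS = """\
1000,192.168.1.1,203.0.113.50,8080
1000,192.168.1.20,198.51.100.7,443
1000,192.168.1.30,198.51.100.9,123
1002,192.168.1.20,198.51.100.7,443
1005,192.168.1.20,198.51.100.7,443
1090,192.168.1.1,203.0.113.50,8080
1120,192.168.1.30,198.51.100.9,123
1215,192.168.1.1,203.0.113.50,8080
1400,192.168.1.1,203.0.113.50,8080
1520,192.168.1.1,203.0.113.50,8080
1700,192.168.1.1,203.0.113.50,8080
1900,192.168.1.20,198.51.100.7,443
1903,192.168.1.20,198.51.100.7,443
1960,192.168.1.1,203.0.113.50,8080
5000,192.168.1.20,198.51.100.7,443
"""

def parse_flows(text):
    """Parse the assumed CSV flow format into (ts, src, dst, port) tuples."""
    rows = csv.reader(io.StringIO(text))
    return [(int(ts), src, dst, int(port)) for ts, src, dst, port in rows]

def find_checkins(flows, lo=60, hi=300, min_events=6, min_ratio=0.9):
    """Return src/dst/port groups whose gaps mostly fall within lo..hi seconds."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in flows:
        by_pair[(src, dst, port)].append(ts)
    hits = []
    for (src, dst, port), times in by_pair.items():
        if len(times) < min_events:      # too few samples to call it periodic
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        in_window = sum(lo <= g <= hi for g in gaps)
        if in_window / len(gaps) >= min_ratio:
            hits.append({"src": src, "dst": dst, "port": port,
                         "events": len(times), "median_gap": median(gaps)})
    return hits

if __name__ == "__main__":
    for hit in find_checkins(parse_flows(SAMPLE_FLOWS)):
        print(hit)
```

Legitimate periodic traffic such as telemetry or time sync can match the same window, so a hit is a lead to investigate rather than proof of infection.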

Vulnerable models include:

  • E1200
  • E2500
  • E1000
  • E4200
  • E1500
  • E300
  • E3200
  • WRT320N
  • E1550
  • WRT610N
  • E100
  • M10
  • WRT310N

The FBI published indicators of compromise (IoCs) associated with attacks targeting end-of-life routers, along with mitigations:

“The FBI recommends users identify if any of the devices vulnerable to compromise are part of their networking infrastructure. If so, these devices should be replaced with newer models that remain in their vendor support plans to prevent further infection,” concludes the alert. “Alternatively, a user can prevent infection by disabling remote administration and rebooting the device. Please refer to the specific instructions for your router for information on how to disable remote management.”

Pierluigi Paganini

(SecurityAffairs – hacking, end-of-life routers)