FBI cyber division issues router attack warning
You might be used to the Federal Bureau of Investigation issuing warnings about critical ransomware attacks, or advising you not to click on anything as new phishing threats emerge, or maybe even warning of the danger from armed response units posed by a rise in internet swatting attacks. But that doesn’t mean the more mundane alerts from the FBI shouldn’t be taken just as seriously. Take, for example, the latest FBI Flash from its cyber division that warns users of end-of-life routers that they are under attack.
Is your router on the list? If so, you need to take action now.
FBI Warns Businesses And Individuals Of Router Attack Risk
Your router is, quite literally, an attack conduit for threat actors worldwide.
In fact, I’m always shocked by the apparent lack of interest so many consumers and, shockingly, businesses show in securing this singularly susceptible device, considering the role it plays in keeping your networks and data safe. Whether the danger comes from critical authentication bypass vulnerabilities, industrial zero-day attacks, or home users that have become swallowed up by the Matrix, your router is right there in the middle of it all. Now, the FBI has issued a warning that 13 routers are vulnerable to a cybercriminal proxy service attack.
The FBI cyber division flash number 20250507-001, and associated public service advisory I-050725-PSA, published May 7, have warned that cyber actors are compromising certain end-of-life routers using TheMoon malware botnet. This is particularly nefarious as it doesn’t require any password; instead, it infects routers by scanning for open ports and sending a command to a vulnerable script. “The malware contacts the command and control (C2) server and the C2 server responds with instructions,” the FBI said, “which may include instructing the infected machine to scan for other vulnerable routers to spread the infection and expand the network.”
The flash warning has named a total of 13 end-of-life routers from Cisco, Ericsson and Linksys that are vulnerable to compromise, namely: E1200, E2500, E1000, E4200, E1500, E300, E3200, WRT320N, E1550, WRT610N, E100, M10 and WRT310N.
TheMoon malware enables hackers to install proxies on the routers of unknowing victims and use these to conduct further acts of cybercrime.
The FBI advised replacing any end-of-life router, and particularly those on the list, with an updated model if at all possible. Beyond this, the FBI also said users should “log in online to the router settings and disable remote management/remote administration, save the change, and reboot the router.”