In a recent cybersecurity advisory, the FBI sounded the alarm on a growing threat that’s targeting one of the most overlooked parts of your home or small business network: your router. Specifically, the FBI is warning that EOL routers (end-of-life), devices that are no longer receiving security updates, are actively being exploited to create large-scale residential proxy botnets.
If you’re still using one of these older models, your network could be part of a cybercriminal’s toolkit without your knowledge.
What’s Happening?
According to the FBI, malware like “TheMoon” is infecting unsupported routers and enlisting them into residential proxy botnets. These botnets are then sold or leased on the dark web through services like “5Socks” and “Anyrun”, allowing cybercriminals to anonymously route traffic through compromised devices.
These compromised routers can be used to:
- Disguise malicious online activity
- Send spam or phishing messages
- Launch distributed denial-of-service (DDoS) attacks
- Harvest personal or financial data
This activity not only poses a threat to national cybersecurity but also compromises the privacy and safety of those using infected routers.
Devices Identified as Vulnerable
The FBI and several cybersecurity researchers have identified a list of specific devices that are being actively targeted due to known vulnerabilities and lack of firmware support. These routers include:
Confirmed Impacted Routers:
- Cisco RV320 and RV325
- Netgear ProSAFE BR200
- Zyxel USG and ZyWALL models
- DrayTek Vigor 2960 and 3900
- D-Link DIR-655, DIR-866L, DIR-652, DSR-250N, DSR-500N
- TP-Link WR740N and similar low-cost EOL models
- Linksys E-series older models (E1200, E2500, etc.)
- Cradlepoint E100 (However, see note below)
These models are no longer receiving security patches and are especially vulnerable to known exploits that have been circulating for years.
Clarifying the Cradlepoint Confusion
Several media outlets mistakenly reported that all Ericsson Cradlepoint routers are vulnerable. This is incorrect.
The FBI’s advisory referenced the Cradlepoint E100 specifically, an older, specialized model that is no longer supported. However, modern Cradlepoint models like the IBR series, R1900, R500, and E300/E3000 are NOT impacted by this vulnerability.
In fact, Cradlepoint’s newer routers continue to receive regular firmware and security updates and include enhanced protection via InControl2 cloud management and zero-trust policies. If you’re using any current Cradlepoint device sold at 5Gstore.com, you’re not at risk from this specific malware.
How to Know if You’re at Risk
Ask yourself the following:
- Is your router more than 5–7 years old?
- Does the manufacturer still provide firmware updates for it?
- Are you experiencing slowdowns or strange behavior on your network?
- Have you logged into your router interface lately to check for unknown settings or devices?
If your router is on the list above or meets the criteria of an EOL device, it’s time to replace it.
Mitigation: What You Should Do Right Now
Here’s how to protect your home or business network:
1. Replace Your Router
The most effective step is to upgrade to a modern router that is actively supported. Products from Semtech, Peplink, Cradlepoint, Digi, and Teltonika, available from 5Gstore, offer robust security and centralized management features.
2. Disable Remote Management
Turn off web-based remote access to your router. Most home users don’t need this feature, and it’s a common attack vector.
3. Reset and Reconfigure
If you’re sticking with your existing router temporarily, reset it to factory settings and reconfigure it using a secure password and up-to-date DNS settings.
4. Change All Default Credentials
Many botnets exploit unchanged usernames and passwords. Change both your admin and Wi-Fi credentials to strong, unique passwords.
5. Use Network Monitoring Tools
A good router today includes built-in monitoring tools. You can also use third-party applications to detect unusual spikes in outbound traffic, which can indicate your device is acting as a proxy for criminal activity.
6. Segment Your Network
If possible, use VLANs or guest networks to segment IoT and guest traffic from sensitive devices like your work computer or POS terminals.
Why This Matters
Cybersecurity isn’t just an enterprise concern anymore. Home networks, small businesses, and remote workers are all targets. By using outdated equipment, you’re not just risking your own data, you’re potentially helping attackers mask their activity and cause broader harm.
At 5Gstore, we help thousands of customers each year modernize their networking infrastructure to prevent exactly this kind of issue. Whether you’re upgrading a single home router or deploying hundreds of devices across an enterprise, we can help you select, configure, and secure the right solution.
Final Thought: Upgrade with Confidence
If your current router is on the FBI’s radar, don’t wait. Upgrade today and ensure you’re protected against today’s most active threats. Contact us at 5Gstore.com to learn more about secure, modern router options that are safe from residential proxy botnet attacks.
You deserve better than being a pawn in someone else’s cyberattack.
