The FBI has issued a warning to Americans about cyberattacks targeting home internet routers. On May 7, 2025, the FBI released a public service announcement alerting the public to the risks associated with “end-of-life” (EOL) routers—devices that no longer receive security updates from manufacturers. These outdated routers are being exploited by cybercriminals using malware known as “TheMoon” to compromise home networks.
First identified in 2014, TheMoon malware exploits vulnerabilities in EOL routers, allowing attackers to gain unauthorized access without needing a password. The malware scans for open ports and injects malicious scripts, enabling it to connect to command-and-control (C2) servers. Once connected, the infected router can be used to scan for other vulnerable devices, spreading the malware further and integrating the compromised routers into proxy networks like 5Socks and AnyProxy.
Cybercriminals are leveraging TheMoon-infected routers to create vast proxy networks. These networks allow attackers to mask their identities and conduct illicit activities, including data theft, cryptocurrency fraud, and even state-sponsored espionage. Notably, some of these compromised routers have been linked to Chinese state-sponsored hackers targeting U.S. infrastructure.
Which Routers Are at Risk?
The FBI has identified several router models that are particularly vulnerable, including:
- Linksys models: E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550, WRT320N, WRT310N, WRT610N
- Cradlepoint: E100
- Cisco: M10
These models, primarily released before 2010, are no longer receiving firmware updates, making them susceptible to known exploits.
What to Do If You Suspect a Compromise
With cyberattacks on the rise—especially those targeting home internet routers and personal devices—knowing what to do in the event of a suspected breach is critical. Cybercriminals are increasingly exploiting outdated routers, particularly those no longer supported by manufacturers, using sophisticated malware such as TheMoon. Once inside, these attackers can gain unauthorized access, install malicious software, steal personal data, or launch cybercrimes from your network.
If you believe your router or home network has been compromised, take the following steps immediately to reduce the risk of damage and protect your personal information.
Identify Signs of a Compromised Router
Start by checking for any unusual behavior in your internet connection or devices. One of the first indicators could be noticeably slower internet speeds, which may suggest malware is consuming your bandwidth to communicate with remote servers or spread to other devices.
Another red flag is unexpected changes in your router’s settings. If your Wi-Fi password, DNS configurations, or security protocols have been altered without your knowledge, it could mean someone has gained access. Additionally, you should inspect the list of connected devices in your router’s admin panel. Unknown or unauthorized devices could point to a network breach. Finally, pay attention to excessive or unexplained network traffic, especially during times when you’re not actively using the internet. Such activity could suggest your router is being used for malicious purposes like distributed denial-of-service (DDoS) attacks.
Disconnect Affected Devices
If you suspect your router has been compromised, the first course of action is to disconnect the affected devices and your router from the internet. Doing so will stop any ongoing communication between malware and external command centers and can help prevent the spread of infection.
Unplug your router for a few minutes to force a full disconnection. Also, disconnect any suspicious or unknown devices from the network to cut off unauthorized access.
Update Your Router’s Firmware
Next, check if a firmware update is available for your router. Manufacturers often release updates to fix known vulnerabilities. Access your router’s admin interface by typing its IP address (such as 192.168.1.1 or 192.168.0.1) into your web browser. Navigate to the firmware or software section and install any available updates. If your device is no longer supported with updates—commonly known as “end-of-life” devices—it’s strongly recommended to upgrade to a newer model that receives regular security patches.
Perform a Factory Reset
If updating the firmware doesn’t resolve your concerns, the safest move is to perform a factory reset. This will clear all customized settings, including any malicious configurations introduced by attackers. Most routers have a small recessed reset button. Press and hold it for 10 to 30 seconds using a pen or paperclip. After the reset, you’ll need to reconfigure your router from scratch. Be sure to create a strong admin password, enable WPA3 encryption if available, and consider changing your network name (SSID).
Change All Your Passwords
After securing your router, change the passwords for all devices connected to your network. This includes your router login credentials and any saved passwords on smart home devices, computers, or smartphones. Create strong, unique passwords that are at least 16 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols. Avoid using easily guessed information like birthdays or pet names, and never reuse passwords across multiple accounts.
Disable Remote Management
Many routers come with remote management features that allow users to access settings from outside the home network. While convenient, this feature is a known target for cybercriminals and should be disabled unless absolutely necessary. To do this, log in to your router’s admin dashboard, locate the “Remote Management” or “Remote Administration” setting—often under the “Advanced” or “Administration” section—and turn it off. Save the changes to prevent unauthorized access in the future.
Scan All Connected Devices
Once your network is back under your control, it’s important to scan all connected devices for malware. Use trusted antivirus software to run a full scan on your computers, smartphones, and tablets. If the software finds threats, follow the prompts to remove them. Also ensure that your devices’ operating systems and apps are up to date, as updates often include important security patches. If a device continues to act suspiciously even after scanning, consider performing a factory reset on that device as well.
Monitor Your Network Traffic
After taking the above steps, keep a close eye on your network traffic. Monitoring tools can help you detect unusual activity and confirm that the compromise has been resolved. Tools like Wireshark (free and open-source), GlassWire (paid), and NetFlow Analyzer (paid) allow users to track network behavior, bandwidth usage, and connected devices in real time. These tools can be particularly helpful in identifying lingering threats or potential vulnerabilities moving forward.
Report the Incident
If you believe your router has been compromised, especially if it involves sensitive data or significant financial losses, report the incident to the appropriate authorities.
The FBI recommends reporting cybercrimes to the Internet Crime Complaint Center (IC3) at www.ic3.gov. This helps law enforcement track cybercriminal activities and may assist in the investigation of larger threats.
If you’re unsure whether to report the attack, it’s always a good idea to contact your Internet Service Provider (ISP) for guidance. They may be able to assist in securing your network and identifying any threats.
In recent days, global attention has been drawn to the rise of cyberattacks, not just in the U.S. but across the world. For instance, the UK government has been under increasing pressure due to a series of high-profile cyberattacks targeting businesses. This has led to a stronger push for businesses to ramp up their cybersecurity measures.
Prevent Future Attacks
Once your network is secure, take steps to prevent future compromises:
- Use a VPN (Virtual Private Network) to encrypt your online traffic.
- Regularly update all devices connected to your network, including routers, computers, smartphones, and IoT devices.
- Implement network segmentation by using separate networks for different types of devices (e.g., one for smart home devices and another for your personal devices).
Additionally, educate everyone in your household about cybersecurity best practices, such as not clicking on suspicious links or sharing sensitive information over unsecured networks.
News Source: News Week
Bella Richardson is a dedicated journalist and news analyst known for her clear, thoughtful reporting and her ability to make complex stories accessible to a broad audience. With a Master of Science in Mass Communication, she brings both academic insight and real-world experience to her coverage of breaking news and trending topics throughout the United States.
