Threat actors exploit known vulnerabilities to compromise end-of-life (EOL) routers, install malware, and use the routers in a botnet they control to launch coordinated attacks or sell access to the devices as proxy services. The FBI recommends that users replace compromised devices with newer models or prevent infection by disabling remote administration and rebooting the router.
This FBI FLASH provides technical details, IOCs, and recommended mitigations, and is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals.
Reporting
The NJCCIC encourages recipients who discover signs of malicious cyber activity to contact the NJCCIC via the cyber incident report form at www.cyber.nj.gov/report.
