According to a recent FBI FLASH report, threat actors are targeting end-of-life routers that no longer receive security patches and software updates, turning them into anonymous proxies that help criminals conceal their digital footprints. Proxy services sold access to the hijacked devices as proxy networks that allowed criminals to mask their true IP addresses.

The malware doesn’t require a password to infect routers; instead, it scans for open ports, sends malicious commands, and awaits instructions from command-and-control servers operated by hackers. For example, the Seowon SLR-120 router vulnerability (CVE-2020-17456) allows unauthenticated remote code execution through simple POST requests to the router’s system_log.cgi endpoint. The malware then establishes iptables rules to drop incoming TCP traffic on ports 8080 and 80 while allowing traffic from specific IP ranges, effectively securing the compromised device from external interference while maintaining attacker control.

“When actors use a proxy service to visit a website to conduct criminal activity… the website does not register their real IP address and instead registers the proxy IP,” explained the FBI. This anonymity enables various criminal activities, from cryptocurrency theft and fraud to accessing illegal services without being easily traced. Malware operations such as IcedID and SolarMarker have been observed using these proxy botnets to obfuscate their malicious activities. As these attacks continue to escalate, the FBI emphasizes that proactive router replacement and security hygiene remain the most effective defenses against this growing threat.
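
A defender's check for the firewall pattern described above, as an added example that is not from the FBI report or the original article: it parses `iptables-save` output and reports the watched ports (80 and 8080) that are dropped for everyone yet still accepted from specific sources. The sample ruleset, its documentation-range addresses, and the function names are constructed for illustration.

```python
import ipaddress
import shlex

WATCHED_PORTS = {"80", "8080"}  # the two ports named in the report
FLAGS = {"-s": "src", "--source": "src", "-p": "proto", "--protocol": "proto",
         "--dport": "ports", "--dports": "ports", "-j": "target", "--jump": "target"}

# Constructed iptables-save excerpt (not from a real device); sources are
# RFC 5737 documentation ranges standing in for the "specific IP ranges".
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A INPUT -p tcp -m tcp --dport 8080 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def parse_rule(line):
    """Parse an '-A' line of iptables-save output (None otherwise); '!' and port ranges unhandled."""
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A":
        return None
    rule = {"chain": tok[1], "src": None, "proto": None, "ports": "", "target": None}
    for flag, val in zip(tok[2:], tok[3:]):  # walk adjacent (flag, value) pairs
        if flag in FLAGS:
            rule[FLAGS[flag]] = val
    rule["ports"] = set(rule["ports"].split(","))  # multiport lists become a set
    return rule

def find_lockout(ruleset):
    """Watched ports dropped for everyone -> source networks still accepted on them."""
    drops, allows = set(), {}
    for line in ruleset.splitlines():
        r = parse_rule(line)
        if not r or r["chain"] != "INPUT" or r["proto"] != "tcp":
            continue
        hit = r["ports"] & WATCHED_PORTS
        scoped = r["src"] not in (None, "0.0.0.0/0")  # rule limited to a source?
        if r["target"] == "DROP" and not scoped:
            drops |= hit
        elif r["target"] == "ACCEPT" and scoped:
            for port in hit:
                net = ipaddress.ip_network(r["src"], strict=False)
                allows.setdefault(port, []).append(str(net))
    return {p: allows[p] for p in sorted(drops, key=int) if p in allows}
```

A match is a lead, not a verdict: an administrator may have restricted the management interface the same way, so compare the allowed ranges against the ones the device owner actually configured.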
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 09 May 2025 09:00:15 +0000