FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns

Summary

The U.S. Federal Communications Commission has banned the import of new foreign-manufactured consumer routers, citing unacceptable supply chain vulnerabilities and cybersecurity risks to critical infrastructure. The ban follows a national security determination that foreign routers have been exploited by state-sponsored actors like Volt Typhoon, Flax Typhoon, and Salt Typhoon, as well as the Chinese botnet CovertNetwork-1658 (Quad7), to compromise U.S. networks and critical infrastructure. Existing routers already in circulation remain unaffected, and manufacturers can apply for Conditional Approval from DoW or DHS.

Full text

FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns Ravie LakshmananMar 25, 2026Network Security / Data Protection The U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing "unacceptable" risks to cyber and national security. The action was designed to safeguard Americans and the underlying communications networks the country relies on, FCC Chairman Brendan Carr said in a post on X. The development means that new models of foreign-produced routers will no longer be eligible for marketing or sale in the U.S. The move comes in the wake of a national security determination provided by Executive Branch Agencies, Carr added. To that end, all consumer-grade routers manufactured in foreign countries have been added to the Covered List, unless they have been granted a Conditional Approval by the Department of War (DoW) or the Department of Homeland Security (DHS) after determining that they do not pose any risks. As of writing, the approved list only includes drone systems and software-defined radios (SDRs) from SiFly Aviation, Mobilicom, ScoutDI, and Verge Aero. Producers of consumer-grade routers can submit an application for Conditional Approval. According to BBC News, Starlink Wi-Fi routers are exempt from the policy, as they are made in the U.S. state of Texas. "The Executive Branch determination noted that foreign-produced routers (1) introduce 'a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense' and (2) pose 'a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons,'" the FCC said. The agency said both state and non-state sponsored threat actors have exploited security shortcomings in small and home office routers to break into American households, disrupt networks, facilitate cyber espionage, and enable intellectual property theft. Furthermore, these devices could be conscripted into massive networks with the goal of carrying out password spraying and unauthorized network access, as well as acting as proxies for espionage. China-nexus adversaries such as Volt Typhoon, Flax Typhoon, and Salt Typhoon have also been observed leveraging botnets comprising foreign-made routers to conduct cyber attacks on critical American communications, energy, transportation, and water infrastructure. "In Salt Typhoon attacks, state-sponsored cyber threat actors leveraged compromised and foreign-produced routers to jump to embed and gain long-term access to certain networks and pivot to others depending on their target," according to the National Security Determination (NSD). Also highlighted by the U.S. government is a botnet dubbed CovertNetwork-1658 (aka Quad7), which has been used to orchestrate highly evasive password spray attacks. The activity is assessed to be the work of a Chinese threat actor tracked as Storm-0940. It's worth noting that the Covered List update does not affect a customer's continued use of routers that were already purchased. Nor does it impact retailers, who can continue to sell, import, or market router models that were approved previously through the FCC's equipment authorization process. "Unsecure and foreign-produced routers are prime targets for attackers and have been used in multiple recent cyber attacks to enable hackers to gain access to networks and use them as launching pads to compromise critical infrastructure," the NSD said. "The vulnerabilities introduced into American networks and critical infrastructure resulting from foreign-manufactured routers are unacceptable." Routers have been a lucrative target for cyber attacks, as they serve as the primary conduit for internet access. Compromised routers could allow threat actors to conduct network surveillance, exfiltrate data, and even deliver malware to victims. In 2014, journalist Glenn Greenwald alleged in his book No Place to Hide how the U.S. National Security Agency (NSA) routinely intercepts routers before U.S. manufacturers can export them in order to implant backdoors. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  botnet, critical infrastructure, cyber espionage, cybersecurity, data protection, FCC, Malware, national security, network security Trending News FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack and More Veeam Patches 7 Critical Backup and Replication Flaws Allowing Remote Code Execution Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8 Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026 Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration ⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents and More CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS Popular Resources Webinar - Identify Key Attack Paths to Your Crown Jewels with CSMA Guide - Discover How to Validate AI Risks With Adversarial Testing Get the 2026 ASV Report to Benchmark Top Validation Tools Fix Security Noise by Focusing Only on Validated Exposures

Indicators of Compromise

• malware — CovertNetwork-1658
• malware — Quad7