The FCC issued new rules restricting routers produced in foreign countries unless they receive Conditional Approval from the Department of Defense or Department of Homeland Security, according to discussion citing FCC documentation and the agency’s supply chain covered list. The policy was described as limiting use of foreign-made networking equipment while creating an exception process tied to U.S. government review and commitments around domestic manufacturing.
The move drew criticism on the NANOG mailing list, where operators argued that few routers are truly manufactured in the United States and that assembly location does little to improve security compared with software provenance and supply-chain assurance. Participants also linked the policy debate to a recent U.S. law enforcement disruption of major IoT DDoS botnets that the Department of Justice called the world’s largest, crediting the FBI Alaska field office and network operators for helping dismantle infrastructure behind record-breaking attacks against victims worldwide.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
7 events from the most recent confirmed update back to the earliest known activity.
The FCC granted conditional approval to Amazon's Eero and Leo router products, allowing the companies to continue importing and selling foreign-made routers in the U.S. under the new national-security restrictions. The approval reportedly took effect on 2026-04-22 and covers current, prior, and unreleased Eero products through 2027-10-31.
TP-Link filed with the FCC seeking conditional approval to continue introducing new router models under the agency's foreign-made router restrictions. In its filing, the company argued it is now an independent U.S.-based firm and said its products are safe and secure, while scrutiny remained over its China- and Vietnam-based supply chain.
Netgear was identified as the first company to obtain Conditional Approval allowing continued import of several foreign-made router, gateway, and modem product lines under the FCC's new restrictions. The approval, reportedly based on a Pentagon determination, lets covered products continue entering the U.S. through 2027-10-01; Adtran was also noted as receiving approval for a service delivery gateway.
The FCC published a guidance document explaining how companies should submit requests for conditional approval under its foreign-made router restrictions. The document outlined the process and information needed for applicants seeking authorization to continue importing covered equipment.
In a NANOG mailing list message, Jason Livingood said the FCC order does not apply to equipment already deployed in networks. He said the rules only affect devices that need new FCC certification or re-certification, such as after a key component change.
In a NANOG mailing list thread, participants connected the new FCC router rules to a recent U.S. law enforcement disruption of what the Department of Justice described as the world's largest IoT DDoS botnets. The discussion credited the FBI Alaska field office and network operators for assisting in the takedown.
The FCC issued new rules stating that routers produced in a foreign country are restricted unless they receive Conditional Approval from the Department of Defense or Department of Homeland Security. The policy was discussed alongside the FCC supply chain covered list and drew criticism over its practicality and security rationale.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
24 references tracked. Mallory keeps watching after this page renders.
tomshardware.com
Open sourcetomshardware.com
Open sourcetechdirt.com
Open sourcetomshardware.com
Open sourceseclists.org
Open sourceseclists.org
Open sourceseclists.org
Open sourceismg-cdn.nyc3.cdn.digitaloceanspaces.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.