The Federal Communications Commission has mandated a prohibition on the importation of new consumer routers produced abroad, citing potential cybersecurity threats.

The directive, released late Monday, stated that the import ban will “encompass all consumer-grade routers manufactured in foreign nations.” The FCC indicated that the order will not impact the importation or use of current routers, although new devices could receive an exemption if approved by the Departments of Defense or Homeland Security.

The FCC argued that routers produced overseas “present unacceptable dangers” to U.S. national security, alluding to threats from China-affiliated hacking groups Volt, Salt, and Flax Typhoon.

As per Reuters, China is believed to control approximately 60% of the market for consumer routers that connect residences and businesses to the internet.

The FCC asserted that it was taking steps because malicious hackers have taken advantage of vulnerabilities in foreign-made routers to target U.S. homes, disrupt networks, and facilitate cybercrime and espionage. 

Both state-sponsored hackers and cybercriminals have historically focused on routers as they provide access to home or business networks. Hackers are also capable of commandeering routers to launch attacks on other firms or organizations, overwhelming servers with excessive junk traffic, known as distributed denial-of-service attacks.

The FCC did not furnish evidence to suggest that domestically-made consumer routers are more secure compared to those created overseas. An FCC representative did not promptly respond to a request for comments.

Salt Typhoon, a China-backed cyber-espionage faction that has infiltrated numerous phone and internet companies globally, including in the United States, has been noted for exploiting weaknesses in routers produced by American technology leader Cisco. Flax Typhoon, another China-linked hacking organization which U.S. officials have accused of operating a vast botnet of compromised devices, targeted both U.S.-made and foreign-made routers to penetrate at least 126,000 devices in the United States, as well as thousands more worldwide. 

FCC chairman Brendan Carr stated in prepared comments that the agency will “continue to fulfill our role in ensuring that U.S. cyberspace, critical infrastructure, and supply chains are secure and protected.”

In spite of numerous Chinese cyber intrusions aimed at U.S. businesses and government entities, Carr was one of the two FCC commissioners who voted in November to eliminate cybersecurity regulations that mandated telecom operators to safeguard their lawful intercept systems against unauthorized access.