The Feds may ban the sale of TP-Link routers in the US over ongoing national security concerns about Chinese-made devices being used in cyberattacks.

Three federal departments — Commerce, Defense, and Justice — have opened investigations into the router manufacturer, according to a Wall Street Journal report, citing “people familiar with the matter.” Plus, a Commerce Department office has reportedly subpoenaed TP-Link.

The Register reached out to TP-Link and and the Justice as well as Commerce Departments but thus far, all have declined comment. We will update this story if and when we hear back from them.

TP-Link has about 65 percent of the US router market for homes and small businesses. It also partners with more than 300 internet service providers in the US to supply routers for new customer installations, according to the WSJ. The China-based manufacturer’s gear is also reportedly used by the Department of Defense and other federal government agencies.

In late October, Microsoft warned that Chinese government-backed threat actors had compromised thousands of internet-connected devices for password-spray attacks against its customers, and noted “routers manufactured by TP-Link make up most of this network.”

After stealing credentials in these campaigns, the Beijing-backed crew that Microsoft tracks as Storm-0940 uses this access to break into organizations in North America and Europe, including think tanks, government and non-governmental organizations, law firms, and defense industrial base firms. 

These attacks have been ongoing since at least 2021, Redmond said.

We should also note that Chinese spies have also used American companies’ gear to build botnets and launch cyberattacks against critical networks and organizations. 

Earlier this year, the Justice Department warned that another Chinese-government-linked crew Volt Typhoon had infected Cisco and Netgear boxes with malware so that the devices could be used to break into US energy, water, and manufacturing facilities as far back as 2021.

And just last month, reports emerged that Volt Typhoon was, once again, compromising old Cisco routers to break into critical infrastructure networks and kick off cyberattacks.

However, it doesn’t appear that TP-Link routers were used in Salt Typhoon’s snooping campaign targeting US telecommunications companies.

Regardless, the move to ban Chinese devices will likely find an ally in President-elect Donald Trump, whose previous administration in 2019 labeled Huawei a national security threat and effectively banned that company’s technology from being used in US telecom networks.

Trump’s pick for national security advisor has also indicated that the incoming president wants to go on the cyber offensive against China, and the narrative of eliminating sales of TP-Link products in America would play into that tough-on-Beijing stance.

“We have been, over the years, trying to play better and better defense when it comes to cyber,” Congressman Mike Waltz (R-FL) said to CBS News’ Margaret Brennan on Face the Nation on Sunday. “We need to start going on offense and start imposing, I think, higher costs and consequences to private actors and nation state actors.” ®