Major Cybersecurity Breach: Over 9,000 ASUS Routers Compromised by Persistent Botnet Attack

In a troubling development within the realm of cybersecurity, over 9,000 ASUS routers have been targeted by a sophisticated botnet known as “AyySSHush.” This alarming incident came to light in March 2025, following a thorough investigation by the cybersecurity firm GreyNoise. The botnet takes advantage of specific authentication vulnerabilities in the router’s software, employing legitimate features to create a lasting SSH backdoor.

What makes this attack particularly concerning is the method through which the backdoor is established. It is cleverly embedded within the router’s non-volatile memory (NVRAM), which allows it to persist even through firmware updates and device restarts. As a result, typical remediation strategies that rely on updating or resetting the device stand little chance of eliminating the threat.

This breach not only highlights the importance of stringent security practices among users but also raises questions about the underlying vulnerabilities in widely-used consumer technology. As cyber threats continue to evolve, it’s more essential than ever for device manufacturers to prioritize security and for users to stay informed about potential risks to their network infrastructure.