Title: Major Cybersecurity Breach: 9,000 ASUS Routers Compromised by Persistent Botnet
In a worrisome development in the landscape of cybersecurity, a formidable botnet named “AyySSHush” has successfully breached more than 9,000 ASUS routers. This situation, uncovered by the cybersecurity firm GreyNoise in March 2025, highlights serious vulnerabilities in router authentication protocols.
The attack employs sophisticated techniques that not only exploit weaknesses in the router’s authentication process but also leverage built-in features of the devices. One of the most concerning aspects of this incident is the establishment of a durable SSH backdoor, which has been strategically placed within the router’s non-volatile memory (NVRAM). This allows the backdoor to persist even through system reboots and firmware updates—conventional methods for securing devices may not be sufficient in this case.
As cybersecurity threats continue to evolve, the incident serves as a stark reminder of the importance of safeguarding our online infrastructure. Users of affected ASUS routers are urged to remain vigilant, stay informed about updates from their manufacturers, and consider additional measures to enhance their device security.
Share this content: