Major Cybersecurity Breach: 9,000 ASUS Routers Compromised by Persistent Botnet

In a troubling development for network security, more than 9,000 routers manufactured by ASUS have been compromised by a sophisticated botnet known as “AyySSHush.” This alarming incident was uncovered in March 2025 by GreyNoise, a noted cybersecurity firm.

The breach takes advantage of authentication gaps within the affected routers and employs legitimate features to create a stealthy SSH backdoor. What sets this cyberattack apart is the persistence of this backdoor, which is integrated into the router’s non-volatile memory (NVRAM). This unique characteristic allows it to survive firmware updates and device restarts, effectively nullifying conventional remediation strategies that typically rely on such updates to flush out vulnerabilities.

The ramifications of this security flaw are significant, as it poses an ongoing risk to individuals and organizations using these compromised devices. Cybersecurity experts urge ASUS users to remain vigilant and consider additional security measures to protect their networks from further exploitation. The situation underscores the importance of proactive security practices in an era where cyber threats are becoming increasingly sophisticated and persistent.