Major Security Breach: Over 9,000 ASUS Routers Compromised by Botnet Attack

In a troubling development in the realm of cybersecurity, a serious breach has been identified involving more than 9,000 ASUS routers. This incident revolves around a sophisticated botnet named “AyySSHush,” discovered by experts at GreyNoise in March 2025.

The attack takes advantage of vulnerabilities in the authentication process, allowing unauthorized access to the routers. What sets this particular breach apart is its use of legitimate router functions to create a persistent SSH backdoor. This backdoor is alarmingly stored within the router’s non-volatile memory (NVRAM). As a result, it has the ability to withstand typical remediation efforts, including firmware updates and device restarts.

This persistent vulnerability underscores the need for router manufacturers and users alike to adopt more robust security measures. The traditional approaches to network security may no longer suffice in the face of such advanced tactics.

As the situation unfolds, it’s imperative for ASUS router owners to stay informed and take proactive steps to protect their devices, ensuring their networks remain secure against such threats.