Major Cybersecurity Breach: Over 9,000 ASUS Routers Compromised by Persistent Botnet Attack

In a disturbing development in the realm of cybersecurity, more than 9,000 ASUS routers have been infiltrated by a sophisticated botnet known as “AyySSHush.” This alarming incident was identified in March 2025 by the cybersecurity experts at GreyNoise.

The attack takes advantage of various authentication vulnerabilities within the router firmware, allowing the adversaries to create a persistent SSH backdoor. This is particularly troubling because the backdoor is embedded within the router’s non-volatile memory (NVRAM). As a result, it can withstand standard firmware updates and device reboots, complicating remediation efforts and making traditional security measures virtually ineffective.

This incident highlights the necessity for rigorous security protocols and event monitoring for network devices, as even seemingly minor vulnerabilities can lead to significant breaches when exploited by malicious entities. As this situation unfolds, its implications for users of ASUS routers and the broader cybersecurity landscape will be closely monitored. Staying informed and proactive in implementing security measures is essential for all router users to safeguard against potential threats.