9,000 Asus routers compromised by botnet attack and persistent SSH backdoor that even firmware updates can’t fix

A Significant Security Breach: Over 9,000 ASUS Routers Compromised by Persistent Botnet Attack

In a troubling development for network security, a recent attack has compromised more than 9,000 ASUS routers, raising alarms within the cybersecurity community. Identified by cybersecurity experts at GreyNoise in March 2025, this severe incident involves a sophisticated botnet known as “AyySSHush,” which has revealed critical authentication vulnerabilities in these devices.

What sets this attack apart is its use of the routers' own built-in features to create a persistent SSH (Secure Shell) backdoor. The backdoor is particularly concerning because it resides in the router's non-volatile memory (NVRAM), so it survives both firmware updates and device reboots. That resilience defeats conventional remediation, which relies on a firmware update or reboot to return the device to a known good state.

The implications of this breach are profound, as compromised routers can serve as entry points for further attacks, potentially allowing malicious actors to infiltrate connected networks and devices. Users of affected ASUS routers are urged to take immediate action, including changing default passwords, disabling remote management features, and monitoring network activity for any signs of unauthorized access.
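One way to check for this kind of NVRAM-resident SSH persistence is to audit a saved settings dump against what the owner actually configured. The script below is an added example, not code from GreyNoise or ASUS; it assumes a `name=value` dump such as the output of `nvram show` saved to a file, and the setting names `sshd_enable`, `sshd_port` and `sshd_authkeys` (with keys separated by newlines or `>`) are assumptions about the firmware. The sample keys and port are constructed.

```python
import base64
import hashlib
import re

SETTING = re.compile(r"^([A-Za-z0-9_.]+)=(.*)$")

def parse_nvram(dump):
    """Parse name=value lines; any other line continues the previous value."""
    settings, last = {}, None
    for line in dump.splitlines():
        m = SETTING.match(line)
        if m:
            last = m.group(1)
            settings[last] = m.group(2)
        elif last is not None:
            settings[last] += "\n" + line
    return settings

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(dump, approved_fingerprints, approved_ports=("22",)):
    """Return findings for SSH settings the owner did not approve."""
    s, findings = parse_nvram(dump), []
    if s.get("sshd_enable", "0") != "0":  # assumed setting name
        findings.append(f"ssh enabled (sshd_enable={s['sshd_enable']})")
        if s.get("sshd_port", "") not in approved_ports:
            findings.append(f"ssh on unapproved port {s.get('sshd_port', '')}")
    for entry in re.split(r"[\n>]", s.get("sshd_authkeys", "")):
        parts = entry.split()
        if len(parts) < 2:
            continue
        try:
            fp = fingerprint(parts[1])
        except ValueError:  # malformed base64 in the key entry
            findings.append("unparseable authorized key entry")
            continue
        if fp not in approved_fingerprints:
            findings.append(f"unapproved authorized key {fp}")
    return findings

# Constructed sample data: not real keys, ports or a real router dump.
ADMIN = base64.b64encode(b"constructed-admin-key").decode()
OTHER = base64.b64encode(b"constructed-unknown-key").decode()
SAMPLE_DUMP = (f"http_enable=0\nsshd_enable=1\nsshd_port=40022\n"
               f"sshd_authkeys=ssh-ed25519 {ADMIN} admin@laptop\n"
               f"ssh-ed25519 {OTHER} unknown\nwan_proto=dhcp\n")
print(audit(SAMPLE_DUMP, {fingerprint(ADMIN)}))
```

Because the settings survive firmware updates, the audit is worth repeating after an update rather than only before it.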

As cybersecurity threats continue to evolve, it is crucial for manufacturers and users alike to enhance their security protocols and remain vigilant against persistent risks.
