Critical Security Breach: Over 9,000 ASUS Routers Affected by Botnet Attack

In a troubling development within the realm of cybersecurity, more than 9,000 ASUS routers have fallen victim to a sophisticated botnet operation known as “AyySSHush.” This high-profile incident was unveiled in March 2025 by the cybersecurity research firm GreyNoise, shedding light on the alarming vulnerabilities that can compromise home networking equipment.

The attack leverages specific authentication weaknesses in the router’s architecture and cleverly takes advantage of legitimate functions to create a persistent SSH backdoor. One of the most concerning aspects of this breach is the fact that the backdoor is stored in the router’s non-volatile memory (NVRAM). This unique method ensures that the backdoor remains intact even after firmware updates or device reboots, making it exceptionally difficult for users and IT professionals to eliminate the threat through conventional means.

Users of affected ASUS routers should approach this situation with caution. Given the severity and complexity of the ongoing threat, it’s crucial to stay informed about potential protective measures and updates from ASUS. As the threat landscape continues to evolve, such incidents serve as a stark reminder of the importance of robust cybersecurity practices in safeguarding personal and professional networks alike.