Cybersecurity Alert: Over 9,000 ASUS Routers Compromised by Persistent Botnet Attack

In an alarming revelation, a critical cybersecurity breach has impacted more than 9,000 ASUS routers, thanks to a sophisticated botnet known as “AyySSHush.” This disturbing development was unveiled in March 2025 by cybersecurity experts at GreyNoise, who reported that the attack takes advantage of authentication weaknesses in these devices.

The mechanism behind this intrusion is particularly notable; the perpetrators have exploited legitimate features of the routers to install a persistent SSH backdoor. This backdoor is cleverly embedded in the router’s non-volatile memory (NVRAM), allowing it to persist even through firmware updates and device restarts. As a result, conventional methods for remediation are proving ineffective, leaving many users at risk.

The implications of this breach are significant. Not only are the compromised routers vulnerable to further exploitation, but the resilience of the backdoor complicates efforts to restore device security. Users are urged to remain vigilant, monitor their devices closely, and consider additional security measures to safeguard their networks.

As the situation evolves, it is imperative for ASUS users to stay informed about updates from the company and cybersecurity professionals. This incident serves as a stark reminder of the importance of robust security practices and the need for constant vigilance in the ever-evolving landscape of cyber threats.