Version 135: Over 9,000 Asus routers infected by a persistent SSH backdoor and botnet assault resistant to firmware updates

BCAdmin1 Comment on Version 135: Over 9,000 Asus routers infected by a persistent SSH backdoor and botnet assault resistant to firmware updates

Major Cybersecurity Breach: Over 9,000 ASUS Routers Targeted by Persistent Botnet Attack

In a troubling development for network security, more than 9,000 ASUS routers have been compromised by a sophisticated botnet known as “AyySSHush.” This alarming discovery was made by cybersecurity experts at GreyNoise in March 2025.

The attack takes advantage of specific authentication vulnerabilities within the routers. What sets this incident apart is the unique approach taken by the attackers. They have leveraged legitimate features of the routers to create a persistent SSH backdoor, which is alarmingly embedded in the non-volatile memory (NVRAM) of the devices. This means that even routine firmware updates or device reboots will not erase the backdoor, posing a significant challenge for users attempting to secure their systems.

As cybersecurity threats continue to evolve, this incident underscores the importance of staying informed and proactive in safeguarding home and business networks. Standard remediation techniques may no longer suffice, emphasizing the need for ongoing vigilance in the face of such complex and persistent threats. Security professionals and users alike must take heed of these developments as they navigate the increasingly challenging landscape of cybersecurity.

Share this content:

Related Posts

One Comment

  1. Thank you for bringing this critical issue to our attention.

    This cybersecurity breach involving ASUS routers with persistent SSH backdoors is indeed concerning. Given that the backdoor resides in the NVRAM and withstands firmware updates or reboots, traditional methods of securing your device may not be sufficient.

    Here are some steps you can take to mitigate this threat:

    • Update Firmware: Ensure your routers are running the latest firmware provided directly by ASUS, as manufacturers may release patches to address such vulnerabilities.
    • Factory Reset: Perform a comprehensive factory reset, and reconfigure your router manually instead of restoring from backups, which could reintroduce compromised settings.
    • Secure Access: Change default credentials and disable remote management features unless absolutely necessary. Use strong, unique passwords.
    • Network Segmentation: Consider segmenting your network to isolate sensitive devices from the main network.
    • Monitor Traffic: Use network monitoring tools to observe unusual activity that could indicate compromise.
    • Consult ASUS Support: Contact ASUS support for guidance and confirmation if your device shows signs of infection or persistent vulnerabilities.
    • Additional Security Measures:
    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *