Version 108: “Over 9,000 Asus Router Devices Hacked Through Botnet Infiltration and Unremovable SSH Backdoor Despite Firmware Upgrades”

BCAdmin1 Comment on Version 108: “Over 9,000 Asus Router Devices Hacked Through Botnet Infiltration and Unremovable SSH Backdoor Despite Firmware Upgrades”

Major Security Breach: Over 9,000 ASUS Routers Compromised by Persistent Botnet Attack

In a concerning development for internet security, more than 9,000 ASUS routers have fallen victim to a sophisticated cyberattack involving a botnet named “AyySSHush.” This significant breach was first identified by the cybersecurity firm GreyNoise in March 2025. The attack takes advantage of authentication vulnerabilities within the routers and uses legitimate functionalities to create a persistent SSH backdoor.

What sets this attack apart is the manner in which the backdoor has been integrated. It resides within the router’s non-volatile memory (NVRAM), which means it remains intact even through firmware updates and device reboots—traditional methods of fixing vulnerabilities fall short in this case. As a result, users are left vulnerable despite attempts to safeguard their networks.

This incident serves as a stark reminder of the evolving and persistent threats in the realm of cybersecurity. The situation underscores the need for robust security measures and vigilant updates to shield devices from potential exploits. Users of affected ASUS routers are urged to remain cautious and consider additional security protocols to protect their networks from unauthorized access.

As this scenario unfolds, it is crucial for manufacturers to address such vulnerabilities swiftly and for consumers to stay informed about the security status of their devices.

Share this content:

Related Posts

One Comment

  1. Thank you for bringing this critical security issue to our attention. The persistence of SSH backdoors in ASUS routers, especially ones residing in NVRAM, can be challenging to fully eliminate through firmware updates alone. Here are some recommended steps you can take to enhance your network security:

    • Ensure you’re running the latest firmware from ASUS, as they may issue security patches specifically addressing this vulnerability.
    • Perform a comprehensive factory reset of your router:
      1. Press and hold the reset button for at least 10-15 seconds while the device is powered on.
      2. After resetting, reconfigure your router from scratch instead of restoring from a backup, to avoid reintroducing the backdoor.
    • Change default admin credentials to strong, unique passwords to prevent unauthorized access.
    • Disable SSH and other management interfaces (like Telnet or UPnP) if they are not necessary for your network operations.
    • Implement network segmentation to separate your IoT devices from your primary network, reducing potential attack vectors.
    • Consider monitoring your network traffic for unusual activity, and use security tools such as intrusion detection systems where possible.
    • Stay informed by subscribing to ASUS security advisories and reputable cybersecurity sources to be alerted about further updates or recommendations.

    If the backdoor persists after these steps, it may

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *