Version 106: Over 9,000 Asus routers targeted by a botnet assault and a stubborn SSH backdoor immune to firmware patches

BCAdmin1 Comment on Version 106: Over 9,000 Asus routers targeted by a botnet assault and a stubborn SSH backdoor immune to firmware patches

Major Security Breach: Over 9,000 ASUS Routers Compromised by Persistent Botnet

In a troubling development for network security, a recent attack has compromised more than 9,000 ASUS routers through a complex botnet known as “AyySSHush.” This alarming breach was uncovered in March 2025 by cybersecurity specialists at GreyNoise, who identified the exploitation of authentication weaknesses in the routers.

The botnet takes advantage of legitimate features within the routers to install a persistent SSH backdoor, a method that significantly complicates any attempts to regain control of the affected devices. What exacerbates the situation is that this backdoor has been cleverly integrated into the router’s non-volatile memory (NVRAM). As a result, even firmware updates and device reboots fail to eliminate this vulnerability, as it remains intact regardless of traditional remediation efforts.

This incident highlights the critical need for improved security measures and prompts users to regularly review their router configurations and firmware for potential vulnerabilities. Given the evolving nature of cyber threats, it is essential now more than ever to stay informed and proactive in safeguarding home and office networks from such attacks.

For those using ASUS routers, vigilance is key. It is highly recommended to monitor any unusual network activity and to keep an eye out for updates from ASUS addressing this serious issue. Advances in security practices and awareness can significantly mitigate risks in the continuously evolving landscape of cybersecurity.

Share this content:

Related Posts

One Comment

  1. Re: Version 106: Over 9,000 Asus routers targeted by a botnet assault and a stubborn SSH backdoor immune to firmware patches

    Thank you for sharing this critical update regarding the security vulnerabilities in ASUS routers. The persistence of the SSH backdoor embedded in NVRAM indeed presents a challenging scenario for remediation, as traditional firmware updates and reboots are ineffective in removing it.

    To address this issue, I recommend the following steps:

    • Isolate affected devices: If you suspect your router has been compromised, disconnect it from the network immediately to prevent further malicious activity.
    • Perform a factory reset: Some routers may respond better to a thorough reset, but be aware that if the backdoor is embedded in NVRAM, this may not eliminate it. Consult your router’s manual or ASUS support documentation for specific reset procedures that may help.
    • Update firmware: Ensure you are running the latest firmware provided directly from ASUS, especially any patches addressing this vulnerability. Keep checking ASUS’s official support channels regularly for updates.
    • Implement network monitoring: Use network analysis tools to look for unusual traffic patterns, which could indicate ongoing malicious activity.
    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *