Version 93: Over 9,000 Asus routers targeted by a botnet assault and an enduring SSH backdoor, immune to firmware patches

BCAdmin1 Comment on Version 93: Over 9,000 Asus routers targeted by a botnet assault and an enduring SSH backdoor, immune to firmware patches

Title: Major Cybersecurity Breach: 9,000 ASUS Routers Compromised by Persistent Botnet Attack

In a troubling revelation for cybersecurity, over 9,000 ASUS routers have been compromised due to a sophisticated botnet attack. This incident was flagged by cybersecurity experts at GreyNoise in March 2025. The attack, identified as the work of a botnet known as “AyySSHush,” capitalizes on authentication vulnerabilities inherent in the routers, enabling it to leverage legitimate functions for malicious purposes.

The most alarming aspect of this breach is the establishment of a persistent SSH backdoor. Unlike typical vulnerabilities that can be resolved through standard firmware updates, this backdoor is uniquely embedded in the router’s non-volatile memory (NVRAM). This innovative tactic allows the backdoor to survive both firmware upgrades and device reboots, leaving traditional remediation techniques ineffective.

The implications of this incident are far-reaching, raising concerns about the security of home networks that rely on these devices. As cybersecurity threats continue to evolve, users of ASUS routers are urged to take immediate precautions and review their network security measures. Staying informed and proactive is essential in safeguarding digital environments from such persistent threats.

Share this content:

Related Posts

One Comment

  1. Thank you for bringing this concerning issue to our attention. The presence of a persistent SSH backdoor embedded in NVRAM is indeed a significant security challenge, especially since it survives firmware updates and reboots. Here are some recommendations to mitigate this threat:

    • Perform a Factory Reset: Factory resetting the affected ASUS routers can sometimes help remove unauthorized modifications. However, since the backdoor is stored in NVRAM, this may not fully eliminate the risk.
    • Isolate Infected Devices: Segregate compromised routers from sensitive networks immediately to prevent lateral movement of malware or further compromise.
    • Update Firmware (if possible): Check whether the manufacturer has released a security patch tailored specifically for this vulnerability. Apply any relevant updates cautiously, and verify their effectiveness.
    • Physical Inspection and Reprogramming: In cases where the backdoor persists, advanced intervention such as reprogramming or replacing affected hardware might be necessary. Consulting with a professional cybersecurity service could be beneficial.
    • Monitor Network Traffic: Use network monitoring tools to detect unusual activity indicative of botnet command and control traffic or unauthorized SSH sessions.
    • Enhanced Security Practices: Enable robust firewall rules, disable unnecessary SSH services, and utilize VPNs, strong passwords, and multi-factor authentication to mitigate exploitation risks.
    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *