Major Cybersecurity Breach: 9,000 ASUS Routers Compromised by Persistent Botnet Threat

In a troubling cybersecurity development, an estimated 9,000 ASUS routers have been infiltrated due to a complex botnet attack identified by the security firm GreyNoise. Labeled “AyySSHush,” this threat was uncovered in March 2025 and has raised alarms within the tech community.

At the core of this attack are serious vulnerabilities in router authentication, allowing the adversaries to take advantage of the routers’ legitimate functionalities to create a continuous SSH backdoor. What makes this intrusion particularly concerning is that this backdoor is implanted in the router’s non-volatile memory (NVRAM). This represents a significant challenge because it means that even firmware updates—which are typically a standard solution for mitigating such vulnerabilities—are rendered ineffective. As a result, any attempts to reboot or update the device will not eliminate the compromised access point.

Cisco routers, which form a critical part of many home and business networks, are now increasingly under scrutiny. Users and network administrators are urged to take immediate steps to secure their devices, including changing default passwords and closely monitoring device behavior for signs of unusual activity.

This incident highlights the importance of maintaining robust security protocols for all internet-connected devices. It serves as a stark reminder that even trusted hardware can become a vector for cyber threats if not adequately protected. Cybersecurity professionals recommend regular reviews of network security measures to mitigate the risks posed by such sophisticated attacks.

With the rise of interconnected devices, proactive measures are key to safeguarding your digital infrastructure.