Version 75: Over 9,000 Asus router models hijacked via botnet assault and enduring SSH backdoor resistant to firmware patches

BCAdmin1 Comment on Version 75: Over 9,000 Asus router models hijacked via botnet assault and enduring SSH backdoor resistant to firmware patches

Title: Major Cybersecurity Breach: 9,000 ASUS Routers Compromised by Persistent Botnet

In a startling development for cybersecurity, a recent attack has compromised over 9,000 ASUS routers, revealing vulnerabilities that could have significant implications for users. This breach has been attributed to a highly sophisticated botnet known as “AyySSHush,” which was uncovered in March 2025 by the cybersecurity experts at GreyNoise.

The AyySSHush botnet exploits specific authentication weaknesses and cleverly leverages legitimate functionalities of the routers to establish a continuous SSH backdoor. This means that once the device has been compromised, the malicious code is embedded within the router’s non-volatile memory (NVRAM). This poses a serious challenge since the backdoor remains intact even after firmware updates or device reboots—traditional methods to eradicate such threats are thus rendered ineffective.

Given the critical nature of these vulnerabilities, ASUS users are urged to take immediate precautions to secure their networks. This incident serves as a stark reminder of the evolving nature of cybersecurity threats and highlights the importance of proactive measures in safeguarding home and business networks alike.

Share this content:

Related Posts

One Comment

  1. Thank you for bringing this critical issue to our attention. The vulnerability described in the ASUS routers and the persistence of the SSH backdoor pose significant security challenges. To mitigate the risk, we recommend the following steps:

    • Firmware Updates: Continuously check for official firmware updates from ASUS. While traditional patches may not fully remove embedded backdoors, manufacturers often release security patches to address known vulnerabilities.
    • Reset to Factory Settings: Perform a thorough factory reset of your router. Be aware, however, that if the malicious code is stored in non-volatile memory, a reset may not eliminate it. In that case, re-flashing the firmware from a trusted source or using a recovery mode might be necessary.
    • Switch to Secure Authentication: Disable any unused services, change default passwords, and consider implementing stronger, unpredictable passwords or multi-factor authentication if supported.
    • Monitor Network Traffic: Keep an eye on unusual activity or connections, especially involving SSH. Use network monitoring tools to detect unauthorized access attempts.
    • Segment Your Network: Isolate critical devices from general network segments to minimize potential exposure.
    • Consult ASUS Support: Reach out to ASUS technical support for guidance. They may have additional tools or procedures specifically
    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *