Version 68: Over 9,000 Asus routers affected by a botnet assault and a stubborn SSH backdoor resistant to firmware updates

Major Cybersecurity Breach: Over 9,000 ASUS Routers Infiltrated by Persistent Botnet Attack

In a troubling development for network security, a substantial number of ASUS routers—over 9,000 in total—have fallen victim to a sophisticated botnet attack, identified as “AyySSHush.” This alarming breach was uncovered in March 2025 by cybersecurity experts at GreyNoise, highlighting the evolving threats that consumers and businesses alike face in the digital realm.

The attack leverages significant authentication vulnerabilities in the affected routers and abuses legitimate router features to create a lasting SSH backdoor. What is particularly concerning is that this backdoor is stored as configuration in the router’s non-volatile memory (NVRAM) rather than in the firmware image, so it withstands even the most common remediation efforts, such as firmware updates and device reboots. Traditional security measures, once thought sufficient to tackle such issues, are proving inadequate against this new breed of malware.

As a result of this incident, affected users are advised to take immediate action to safeguard their networks. It is critical to change default settings, including passwords, and to monitor network activity closely for any unusual behavior. The rise of such advanced threats underscores the necessity for continued vigilance and proactive security measures in the age of widespread connectivity.

Stay tuned for further updates as we continue to monitor this situation.


One Comment

  1. Thank you for bringing this critical issue to our attention.

    Given the persistence of the SSH backdoor residing in the router’s NVRAM, standard firmware updates may not suffice to fully remove the threat. To enhance your router’s security, consider the following steps:

    • Perform a deep factory reset: Use the reset pin or button for a prolonged press (typically 10-30 seconds) to ensure all settings, including persistent backdoors, are wiped.
    • Reflash the firmware: Download the latest official firmware directly from ASUS’s website and perform a manual firmware flash, avoiding any firmware versions known to be compromised.
    • Implement strong password policies: Change default and administrative passwords to complex, unique credentials.
    • Disable unnecessary services: Turn off SSH access if not needed, or restrict access via IP whitelisting.
    • Use network segmentation: Isolate IoT and critical devices onto separate network segments to limit potential lateral movement of malware.

    Additionally, monitor network traffic actively for unusual activity, and consider deploying IDS/IPS solutions to detect ongoing threats. If the backdoor persists even after these steps, contacting ASUS support for potential hardware replacement or firmware patches is advisable. Stay vigilant and maintain regular security audits.
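The article states that the backdoor lives in NVRAM configuration rather than in the firmware, and the comment above recommends turning off SSH, restricting it, and changing default credentials. The script below is an added example, not code from the article, the commenter, ASUS or GreyNoise: it audits an Asuswrt-style `nvram show` dump for exactly those indicators (SSH enabled, SSH exposed on the WAN side, a non-default SSH port, authorized keys the administrator did not install, and default admin credentials). The NVRAM variable names it checks (`sshd_enable`, `sshd_wan`, `sshd_port`, `sshd_authkeys`, `http_username`, `http_passwd`) are assumed Asuswrt names, not taken from the page, and the dump text, key and port number are constructed sample data rather than real indicators.

```python
# Added example (not from the article, the commenter, ASUS or GreyNoise):
# audit an Asuswrt-style `nvram show` dump for SSH-exposure indicators.
# Assumption: the NVRAM key names below are Asuswrt names; they are not
# taken from the page. The dump, key and port are constructed sample data.
from dataclasses import dataclass

# Constructed sample dump in `nvram show` format (one key=value per line).
SAMPLE_DUMP = """\
lan_ipaddr=192.168.50.1
wan_ipaddr=203.0.113.10
sshd_enable=1
sshd_wan=1
sshd_port=60123
sshd_authkeys=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKey0000000000000 unknown@example
http_username=admin
http_passwd=admin
"""

# Authorized keys the administrator knowingly installed (constructed, empty here).
KNOWN_GOOD_KEYS = set()


@dataclass(frozen=True)
class Finding:
    key: str        # NVRAM variable that triggered the finding
    severity: str   # "high", "medium" or "low"
    detail: str


def parse_nvram_dump(text):
    """Turn `nvram show` output into a dict; lines without '=' are skipped."""
    settings = {}
    for line in text.splitlines():
        if "=" not in line:
            continue
        name, _, value = line.partition("=")
        settings[name.strip()] = value
    return settings


def audit_ssh_settings(settings, known_good_keys=KNOWN_GOOD_KEYS):
    """Return a list of Findings for SSH exposure and leftover credentials/keys."""
    findings = []
    ssh_on = settings.get("sshd_enable", "0") not in ("", "0")
    if ssh_on:
        findings.append(Finding("sshd_enable", "medium", "SSH service is enabled"))
        if settings.get("sshd_wan", "0") == "1":
            findings.append(Finding("sshd_wan", "high", "SSH is reachable from the WAN side"))
        port = settings.get("sshd_port", "22")
        if port != "22":
            findings.append(Finding("sshd_port", "low", f"SSH listens on non-default port {port}"))
    # Authorized keys stored in NVRAM survive firmware updates and reboots, so a
    # key the administrator never installed is the strongest indicator here.
    for key_line in settings.get("sshd_authkeys", "").splitlines():
        key_line = key_line.strip()
        if key_line and key_line not in known_good_keys:
            fingerprint = " ".join(key_line.split()[:2])[:40]
            findings.append(Finding("sshd_authkeys", "high",
                                    f"unrecognised authorized key: {fingerprint}..."))
    # Default admin credentials still in place (what the article asks users to change).
    if settings.get("http_username") == "admin" and settings.get("http_passwd") == "admin":
        findings.append(Finding("http_passwd", "high",
                                "web admin account still uses default credentials"))
    return findings


def worst_severity(findings):
    """Highest severity among the findings, or "none" when there are none."""
    order = {"low": 1, "medium": 2, "high": 3}
    return max((f.severity for f in findings), key=order.get, default="none")


if __name__ == "__main__":
    for f in audit_ssh_settings(parse_nvram_dump(SAMPLE_DUMP)):
        print(f"[{f.severity:>6}] {f.key}: {f.detail}")
```

On a real device the dump would come from `nvram show` over a local console or LAN-side session and the allowlist would hold the administrator's own public keys; any `sshd_authkeys` finding is the case the commenter addresses with a full factory reset and reflash rather than with a settings change, since the backdoor is the configuration itself.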
