Version 54: Over 9,000 Asus routers fall victim to a relentless botnet assault and an enduring SSH backdoor unaffected by firmware updates

BCAdmin1 Comment on Version 54: Over 9,000 Asus routers fall victim to a relentless botnet assault and an enduring SSH backdoor unaffected by firmware updates

Major Cybersecurity Breach: 9,000 ASUS Routers Compromised by Persistent Botnet Threat

In a troubling development for network security, recent reports indicate that a substantial number of ASUS routers—more than 9,000—have fallen victim to a sophisticated cyberattack. Cybersecurity experts from GreyNoise uncovered this incident back in March 2025, unveiling a pervasive botnet known as “AyySSHush.”

The attack takes advantage of certain authentication flaws and strategic features inherent to the routers, enabling the establishment of a persistent SSH backdoor. What sets this breach apart is the backdoor’s unique placement in the device’s non-volatile random-access memory (NVRAM). This design means that reboots or even firmware updates fail to eradicate the threat, making conventional recovery methods surprisingly ineffective.

This situation underscores the pressing need for robust security practices, with this incident serving as a stark reminder of the vulnerabilities present in consumer-grade hardware. As users increasingly rely on these devices for home and office connectivity, remaining vigilant and updating security measures becomes paramount to safeguarding sensitive information.

In light of this breach, it’s advised that ASUS router users review their device’s security settings and consider implementing additional protective measures to thwart potential threats.

Share this content:

Related Posts

One Comment

  1. Thank you for sharing this important security update. If your ASUS router has been affected by this persistent breach, especially with a backdoor stored in NVRAM, standard firmware updates might not be sufficient to resolve the issue. Here are some recommended steps:

    • Perform a Full Factory Reset: Use the reset pinhole on your device and hold it for 10-15 seconds to ensure a complete reset, which can clear volatile configurations but might not erase NVRAM-stored malware.
    • Reflash the Firmware: Download the latest firmware directly from ASUS’s official website. Use the router’s recovery mode or TFTP method to ensure the firmware is flashed cleanly, with an emphasis on verifying the integrity of the download.
    • Consider NVRAM Clearing: Although more advanced, some users have reported success by connecting to the router via serial console (if available) and manually clearing or overwriting the NVRAM. This process varies by model and can be risky—please consult your device’s technical documentation or a professional before attempting.
    • Security Practices: Change all default passwords, disable unnecessary services (like SSH if not needed), and enable WPA3 encryption on your Wi-Fi network.
    • Network Monitoring: Keep an eye on network traffic for unusual activity, and consider deploying network security tools or devices to detect suspicious connections
    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *