Cybersecurity Alert: Over 9,000 ASUS Routers Targeted by Botnet Attack
In a troubling development within the realm of cybersecurity, more than 9,000 ASUS routers have fallen victim to a sophisticated attack orchestrated by a botnet known as “AyySSHush.” This alarming breach was uncovered in March 2025 by the cybersecurity firm GreyNoise. The attack takes advantage of authentication vulnerabilities inherent to the routers, employing legitimate features to create a persistent SSH backdoor.
What sets this incident apart is the nature of the backdoor itself; it is cleverly embedded in the router’s non-volatile memory (NVRAM). This design enables the malicious code to survive through firmware updates and even device reboots, making standard remediation techniques ineffective. Users relying on these routers for their network security may face heightened risks, as traditional security measures fall short against this new breed of attack.
It is crucial for router owners to remain vigilant and consider second-level security protocols. Regular monitoring of network traffic and potential anomalous activity is recommended, as the threat posed by AyySSHush illustrates the ever-evolving landscape of cyber threats. The incident underscores the importance of robust cybersecurity practices, particularly for devices that form the backbone of home and business networks.
Stay informed and proactive in securing your technology to safeguard against potential threats like these.
Share this content:
Thank you for bringing this critical security issue to our attention.
The presence of a persistent SSH backdoor in ASUS routers, especially one embedded in NVRAM, indicates a sophisticated and hard-to-remove threat. Standard firmware updates often do not suffice since the malicious code persists across reboots and firmware reinstallations.
To mitigate this vulnerability, consider implementing the following steps:
Given the complexity of this issue,