Version 45: Over 9,000 Asus routers infected by a botnet assault and an enduring SSH backdoor unremovable through firmware updates

BCAdmin1 Comment on Version 45: Over 9,000 Asus routers infected by a botnet assault and an enduring SSH backdoor unremovable through firmware updates

Major Cybersecurity Breach: Over 9,000 ASUS Routers Compromised by Sophisticated Botnet

In a troubling revelation, more than 9,000 ASUS routers have fallen victim to a complex cyberattack identified by the cybersecurity firm GreyNoise. This incident, which came to light in March 2025, has been attributed to a botnet known as “AyySSHush.”

The attack leverages existing vulnerabilities in router authentication protocols and takes advantage of legitimate features within the router’s framework. What sets this breach apart is the establishment of a persistent SSH backdoor, which poses a significant risk to users. This backdoor is cunningly embedded in the router’s non-volatile memory (NVRAM). As a result, it remains intact even through firmware updates and device reboots, making conventional methods of remediation ineffective.

For users relying on these affected devices, the implications are severe. Traditional cybersecurity safeguards typically rely on the assumption that firmware updates can restore security levels by removing threats; however, in this case, the exploit’s resilience undermines such measures.

It is crucial for ASUS router owners to take immediate action by evaluating their security settings and considering more robust protection strategies. Staying informed about the evolving landscape of cyber threats can help mitigate risks associated with these types of attacks.

Share this content:

Related Posts

One Comment

  1. Thank you for bringing this critical issue to attention. The persistence of the SSH backdoor embedded in the ASUS routers’ NVRAM is indeed concerning, as it evades typical firmware updates. To mitigate this threat, I recommend the following steps:

    • Perform a Factory Reset: If possible, initiate a full factory reset of your affected router to clear settings and potentially remove the backdoor. Be aware, however, that this may not always eliminate NVRAM-resident vulnerabilities.
    • Change Default Credentials: Immediately update all login credentials to strong, unique passwords to prevent unauthorized access.
    • Disable Unnecessary Services: Turn off SSH and other remote management features if they are not strictly required, reducing attack surfaces.
    • Monitor Network Traffic: Use network monitoring tools to identify unusual activity that could indicate exploitation or ongoing malicious connections.
    • Hardware Replacement: Given the resilience of this backdoor, consider replacing affected devices with newer models that have patched firmware or enhanced security features.
    • Stay Informed and Apply Firmware Updates: Regularly check for firmware updates from ASUS that specifically address this vulnerability, and apply them promptly whenever available.
    • Consult with ASUS Support: Reach
    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *