Major Cybersecurity Breach: Over 9,000 ASUS Routers Compromised by Persistent SSH Backdoor

In a troubling revelation, cybersecurity experts have reported that over 9,000 ASUS routers have fallen victim to a sophisticated botnet attack, identified as “AyySSHush.” This incident, brought to light in March 2025 by the renowned cybersecurity firm GreyNoise, highlights serious vulnerabilities that threaten the integrity of internet-connected devices.

The exploit takes advantage of authentication weaknesses within the routers, cleverly leveraging legitimate features to create a lasting SSH backdoor. This backdoor, critically, is stored in the router’s non-volatile memory (NVRAM). This design choice allows the malicious code to persist through firmware updates and even device reboots, posing a significant challenge for standard remediation strategies.

As this incident unfolds, it underscores the urgent need for enhanced security measures in the realm of consumer networking devices. The lasting presence of such vulnerabilities not only compromises individual users but also poses broader risks to networks and data security. Users of ASUS routers are advised to take immediate action to safeguard their devices and remain vigilant against potential threats.

This situation serves as a stark reminder of the importance of robust cybersecurity practices and the ongoing battle between cybercriminals and those striving to protect our digital landscapes. Stay informed and proactive to ensure your home network remains secure.