Over 9,000 Asus routers infected by a botnet assault and an unremovable SSH backdoor resistant to firmware patches

Major Security Breach: 9,000 ASUS Routers Infiltrated by Persistent Botnet Attack

In a striking revelation, cybersecurity experts have reported that over 9,000 ASUS routers have fallen victim to a highly sophisticated botnet attack, identified as “AyySSHush.” This alarming breach was uncovered by GreyNoise, a prominent cybersecurity firm, in March 2025, highlighting significant vulnerabilities in router security protocols.

The attackers exploit authentication weaknesses in the routers and then use legitimate router features to establish a persistent SSH backdoor. The backdoor is stored in the router’s non-volatile memory (NVRAM), which allows it to persist through firmware updates and device reboots. As a result, traditional remediation techniques have proven inadequate in neutralizing this threat, leaving numerous devices vulnerable to exploitation.

This incident underscores the pressing need for enhanced security measures in router technology and calls attention to the importance of maintaining updated firmware. Users are advised to take immediate action, including reviewing their router configurations and security settings, to protect their networks from potential incursions.
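
Because the backdoor described above lives in NVRAM rather than in the firmware image, reviewing a router's configuration means inspecting the stored SSH settings themselves. The script below is an added example, not code from the article, GreyNoise or ASUS. It assumes Asuswrt-style NVRAM variable names (`sshd_enable`, `sshd_port`, `sshd_authkeys`) and a `>` separator between stored keys; the ports and file name shown are constructed.

```shell
#!/bin/sh
# Audit SSH settings in a saved `nvram show` dump (key=value lines on stdin).
# Assumptions: Asuswrt-style variable names sshd_enable, sshd_port and
# sshd_authkeys, with '>' separating multiple keys inside sshd_authkeys.

# nv_get NAME: print NAME's value from the dump held in $NV_DUMP.
nv_get() {
    printf '%s\n' "$NV_DUMP" | sed -n "s/^$1=//p" | head -n 1
}

# audit_nvram_ssh EXPECTED_PORT APPROVED_KEYS_FILE < dump
#   EXPECTED_PORT       port the admin configured; "" means SSH should be off
#   APPROVED_KEYS_FILE  one "type base64blob" per line, no trailing comment
# Prints one FINDING line per problem and returns 1 if any were printed.
audit_nvram_ssh() {
    expected_port=$1
    approved=$2
    NV_DUMP=$(cat)
    findings=0
    enable=$(nv_get sshd_enable)
    port=$(nv_get sshd_port)
    keys=$(nv_get sshd_authkeys)

    if [ -n "$enable" ] && [ "$enable" != "0" ]; then
        if [ -z "$expected_port" ]; then
            echo "FINDING: sshd_enable=$enable but SSH should be off"
            findings=1
        elif [ "$port" != "$expected_port" ]; then
            echo "FINDING: sshd_port=$port, expected $expected_port"
            findings=1
        fi
    fi

    # Keys are checked even when SSH is off: they stay in NVRAM regardless
    # of the service state.
    while read -r ktype kblob rest; do
        [ -n "$kblob" ] || continue
        if ! grep -qxF -- "$ktype $kblob" "$approved" 2>/dev/null; then
            echo "FINDING: unapproved key: $ktype $(printf '%.16s' "$kblob")..."
            findings=1
        fi
    done <<EOF
$(printf '%s\n' "$keys" | tr '>' '\n')
EOF
    return "$findings"
}

# Usage on the router (port and file name are placeholders):
#   nvram show 2>/dev/null | audit_nvram_ssh 2222 /tmp/approved_keys.txt
```

Running the same audit before and after a firmware update shows whether the stored SSH settings changed or carried over.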

As cyber threats continue to evolve in complexity, the case of the compromised ASUS routers serves as a critical reminder of the vulnerabilities that can lurk within our home and business networks. Staying informed and proactive is key to safeguarding against these persistent threats.

One Comment

  1. If you’re dealing with affected ASUS routers that have been infected by the AyySSHush botnet and have persistent SSH backdoors, here are some recommended steps:

    • Perform a Factory Reset: Use the reset button or follow the manufacturer’s instructions to reset the router to default settings. This may remove some malicious configurations.
    • Reinstall Firmware: Download the latest firmware directly from ASUS’s official support page and install it manually via the router’s web interface. Ensure the firmware is genuine to prevent malicious modifications.
    • Check for Residual Backdoors: Since the backdoor resides in NVRAM, consider using specialized security tools or consult a professional to verify that malicious modifications have been fully removed. In some cases, a full hardware reset or replacing the device may be necessary if the backdoor persists.
    • Disable Remote Management: Turn off any remote administrative features to minimize attack vectors.
    • Enhance Network Security: Change default passwords, enable WPA3 encryption, and configure strong, unique credentials for your Wi-Fi and administrative interfaces.
    • Monitor Network Activity: Keep an eye on unusual activity or incoming connections to identify possible ongoing threats.

    Given the persistence of this backdoor, if you continue to experience issues or suspect compromise, consider consulting with a cybersecurity professional or
