Version 109: Over 9,000 Asus Router Devices Hacked via Botnet and Unremovable SSH Backdoor Despite Firmware Updates

BCAdmin1 Comment on Version 109: Over 9,000 Asus Router Devices Hacked via Botnet and Unremovable SSH Backdoor Despite Firmware Updates

Major Cybersecurity Breach: Over 9,000 ASUS Routers Compromised by Botnet Attack

In a alarming turn of events for consumer security, cybersecurity experts have uncovered a widespread incident affecting more than 9,000 ASUS routers. Dubbed “AyySSHush,” this sophisticated botnet attack exploits critical authentication vulnerabilities within these devices. The discovery, made by GreyNoise in March 2025, highlights the unnerving extent of modern cyber threats.

What sets this attack apart is the use of a persistent SSH backdoor that has been ingeniously embedded into the router’s non-volatile memory (NVRAM). This unique approach allows the malicious code to withstand firmware updates and even device reboots, making traditional security measures nearly ineffective in eradicating the threat.

The implications of such an intrusion are profound, as it not only compromises the routers themselves but also potentially exposes sensitive information and undermines the integrity of networks connected to these devices. Users are urged to remain vigilant and take proactive steps to secure their networks amidst this troubling revelation.

In light of this incident, it is imperative that ASUS customers implement immediate safeguards, including disabling remote access features and changing default passwords. As the cybersecurity landscape evolves, staying informed and proactive about device security is crucial in mitigating risks associated with such breaches.

Share this content:

Related Posts

One Comment

  1. Thank you for bringing attention to this critical security issue. Regarding the persistent SSH backdoor embedded in affected ASUS routers, it is indeed a sophisticated threat that can survive firmware updates and device reboots.

    Since traditional firmware updates do not remove the backdoor, I recommend the following steps:

    • Perform a factory reset of the affected device to clear any malicious configurations, ensuring you backup essential settings beforehand.
    • After resetting, immediately change all default passwords and disable remote access features such as SSH and Telnet if they are not required.
    • Consider re-flashing the firmware with a fresh official firmware or a trusted custom firmware, ensuring it’s from a legitimate source.
    • Implement network segmentation to isolate affected devices from critical infrastructure.
    • Regularly monitor network traffic for unusual activity and keep a close watch for updates or advisories from ASUS or cybersecurity communities regarding this threat.

    If the backdoor persists even after these measures, consult ASUS support or consider hardware replacement, as some malicious modifications may be deeply embedded in the device’s NVRAM.

    Staying vigilant and proactive is essential to protect your network

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *