Version 112: Over 9,000 Asus routers hijacked through a botnet assault and a stubborn SSH vulnerability, unaffected by firmware upgrades

BCAdmin1 Comment on Version 112: Over 9,000 Asus routers hijacked through a botnet assault and a stubborn SSH vulnerability, unaffected by firmware upgrades

Major Cybersecurity Breach: 9,000 ASUS Routers Compromised by Persistent Botnet Attack

In a significant development in the world of cybersecurity, over 9,000 ASUS routers have been compromised by a complex botnet attack identified as “AyySSHush.” This alarming breach was uncovered by the cybersecurity experts at GreyNoise in March 2025.

The attack capitalizes on specific authentication vulnerabilities within the routers and cleverly uses valid features of the devices to install a lasting SSH backdoor. One of the most concerning aspects of this situation is that the backdoor has been embedded in the router’s non-volatile memory (NVRAM), which means that it is impervious to routine firmware updates and device reboots. This characteristic poses serious challenges for traditional remediation efforts, leaving many users at risk despite their attempts to secure their devices through standard updates.

This incident highlights the urgent need for robust cybersecurity measures and awareness regarding the vulnerabilities inherent in network devices. As the digital landscape continues to evolve, it is crucial for users to remain vigilant and proactive in safeguarding their technology against sophisticated threats.

Share this content:

Related Posts

One Comment

  1. Thank you for sharing this important update. The persistence of the SSH backdoor embedded into NVRAM on ASUS routers is particularly concerning, as it renders firmware updates ineffective against this specific vulnerability. Here are some steps you can consider:

    • Isolate the affected devices: Disconnect compromised routers from your network to prevent further malicious activity.
    • Reset to factory settings: Perform a full factory reset—this may help clear settings and some persistent elements, but note that backdoors stored in NVRAM might remain.
    • Replace impacted hardware: Given the backdoor resides in NVRAM, replacing the affected routers may be the most secure option to eliminate the vulnerability completely.
    • Review network security: Change all default passwords and disable any unnecessary remote management features.
    • Update firmware and monitor for patches: Keep an eye on ASUS security advisories for patches specifically addressing this vulnerability, or consider using custom firmware if available and supported.
    • Implement network-wide security measures: Use network segmentation, enable firewalls, and monitor network traffic for unusual activity.

    If you need further assistance with specific models or additional security hardening, please provide your router model

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *