Major Breach: 9,000 ASUS Routers Compromised by Botnet Attack with Unpatchable SSH Backdoor
The cybersecurity landscape is facing a major challenge, as a recent incident has compromised over 9,000 ASUS routers. This breach, identified as the “AyySSHush” botnet, highlights how flaws in router authentication can be exploited.
The incident came to light in March 2025, thanks to the investigation by cybersecurity firm GreyNoise. What makes this attack particularly alarming is its manipulation of legitimate features within the router’s framework, enabling hackers to create a persistent SSH backdoor. This backdoor is not only cleverly devised but is also embedded in the router’s non-volatile memory (NVRAM), which means it can withstand firmware updates and even device reboots.
This unique method of embedding the backdoor makes traditional approaches to remediation inadequate. Users may apply firmware updates in hopes of resolving security issues, only to find that the threat endures undetected. As a result, this breach underscores the urgent need for users to assess their router settings and implement security measures that go beyond typical software updates.
In light of this revelation, it is crucial for individuals and organizations alike to remain vigilant and proactive about their cybersecurity practices, particularly regarding home and office networking equipment. Staying informed and cautious can help mitigate potential risks posed by similar attacks in the future.
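Because the backdoor lives in saved configuration rather than in the firmware image, one way to check a router's settings is to audit a saved `nvram show` dump for an enabled SSH daemon and for authorized keys that are not your own. The script below is an added example, not GreyNoise or ASUS tooling; the variable names `sshd_enable`, `sshd_port` and `sshd_authkeys` and the `>` key separator are assumptions to verify against your own device's dump, and the sample dump and key blobs are constructed.

```python
import base64, hashlib, re

VAR = re.compile(r"^([A-Za-z0-9_]+)=(.*)$")
KEY = re.compile(r"(ssh-(?:rsa|ed25519|dss)|ecdsa-sha2-\S+)\s+([A-Za-z0-9+/]+={0,2})")

def parse_dump(text):
    """Parse `name=value` lines; any other line continues the previous value."""
    cfg, last = {}, None
    for line in text.splitlines():
        m = VAR.match(line)
        if m:
            last = m.group(1)
            cfg[last] = m.group(2)
        elif last is not None:
            cfg[last] += "\n" + line
    return cfg

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    padded = blob_b64 + "=" * (-len(blob_b64) % 4)
    digest = hashlib.sha256(base64.b64decode(padded)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(text, allowed_fps, expect_enabled=False):
    """Return findings: SSH enabled unexpectedly, or keys outside the allowlist."""
    cfg = parse_dump(text)
    findings = []
    # Assumed variable name; any value other than "0" is treated as enabled.
    if cfg.get("sshd_enable", "0") != "0" and not expect_enabled:
        findings.append("ssh-enabled:port=" + cfg.get("sshd_port", "?"))
    # The regex finds keys whatever separator the firmware uses between them.
    for _type, blob in KEY.findall(cfg.get("sshd_authkeys", "")):
        fp = fingerprint(blob)
        if fp not in allowed_fps:
            findings.append("unknown-key:" + fp)
    return findings

# Constructed sample data: placeholder blobs, not real keys or indicators.
ADMIN_BLOB = base64.b64encode(b"constructed admin public key blob").decode()
ROGUE_BLOB = base64.b64encode(b"constructed unknown public key blob").decode()
SAMPLE_DUMP = (
    "wan_proto=dhcp\nsshd_enable=1\nsshd_port=2222\n"
    f"sshd_authkeys=ssh-ed25519 {ADMIN_BLOB} admin@laptop>ssh-rsa {ROGUE_BLOB}\n"
    "http_enable=0\n"
)

if __name__ == "__main__":
    for finding in audit(SAMPLE_DUMP, {fingerprint(ADMIN_BLOB)}):
        print(finding)
```

Run the same audit again after any firmware update: a finding that persists points to saved configuration that the update did not clear.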
Thank you for bringing attention to this serious vulnerability involving ASUS routers. The persistence of the SSH backdoor embedded in NVRAM indeed complicates traditional remediation efforts, as firmware updates alone may not remove the threat.
As a technical support recommendation, users should consider the following steps:
Additionally, consider deploying network security appliances or tools that can detect unauthorized access, and regularly audit your device configurations to ensure optimal security posture. If the device is no longer receiving security updates, replacing it with newer, supported hardware may be the most secure option.
Always