Version 114: Over 9,000 Asus routers infiltrated by a botnet exploiting a stubborn SSH backdoor resistant to firmware patches

Title: Major Cybersecurity Breach: Over 9,000 ASUS Routers Compromised by Persistent Botnet

In a troubling development in cybersecurity, more than 9,000 ASUS routers have reportedly fallen victim to a sophisticated botnet attack identified as “AyySSHush.” This alarming revelation emerged in March 2025, following an investigation by the well-known cybersecurity firm GreyNoise.

The attack capitalizes on specific authentication vulnerabilities present in the routers, leveraging legitimate features to create a persistent SSH backdoor. This backdoor is particularly concerning as it is embedded within the router’s non-volatile memory (NVRAM), which means that it survives firmware updates and device reboots. Consequently, conventional remediation strategies—typically relied upon to secure devices—prove ineffective against this threat.
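Because the backdoor lives in NVRAM rather than in the firmware image, a defender has to inspect the stored SSH configuration itself. The following is an added example, not code from the article or from GreyNoise: it audits a saved `nvram show` dump, assuming the variable names `sshd_enable`, `sshd_port` and `sshd_authkeys` and one `key=value` pair per line; the helper names and all sample values are constructed.

```shell
#!/bin/sh
# Added example, not from the article or GreyNoise. Assumed names: the NVRAM
# variables sshd_enable, sshd_port and sshd_authkeys, one "key=value" per line
# as printed by `nvram show`. All sample values below are constructed.

# audit_nvram_ssh DUMP TRUSTED_KEYS: print findings; return 1 if any, else 0.
audit_nvram_ssh() {
    findings=$(awk -F= -v trusted="$2" '
        BEGIN {  # load approved key blobs (2nd field of authorized_keys lines)
            while ((getline line < trusted) > 0)
                if (split(line, f, " ") >= 2) ok[f[2]] = 1
        }
        { val = substr($0, length($1) + 2) }   # keep "=" padding in values
        $1 == "sshd_enable" && val != "" && val != "0" {
            print "SSH_ENABLED mode=" val
        }
        $1 == "sshd_port" && val != "" && val != "22" {
            print "SSH_NONSTANDARD_PORT port=" val
        }
        $1 == "sshd_authkeys" {
            # Entries may be joined by ">" or spaces; key blobs start "AAAA".
            n = split(val, tok, /[> \t]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] ~ /^AAAA/ && !(tok[i] in ok))
                    print "UNTRUSTED_AUTHKEY blob=" substr(tok[i], 1, 24) "..."
        }
    ' "$1")
    [ -z "$findings" ] && return 0
    printf "%s\n" "$findings"
    return 1
}

# make_sample DIR: write a constructed dump and trusted-key list into DIR.
make_sample() {
    cat > "$1/nvram.txt" <<'EOF'
sshd_enable=1
sshd_port=2222
sshd_authkeys=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedTrustedKey admin@lan>ssh-rsa AAAAB3NzaC1yc2EAAAADAQABConstructedUnknownKey==
http_enable=0
EOF
    echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedTrustedKey admin@lan" > "$1/trusted.txt"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_nvram_ssh "$demo_dir/nvram.txt" "$demo_dir/trusted.txt" || echo "review needed"
```

Running the same audit before and after a firmware update shows whether the stored SSH settings and keys carried over unchanged.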

The implications of such a breach are significant, prompting urgent recommendations for affected users to review their network security measures and take immediate action to safeguard their devices. As the nature of this attack highlights the evolving sophistication of cyber threats, staying informed and proactive is key to protecting your digital environment.

One Comment

  1. Important Security Advisory for ASUS Router Users

    Thank you for bringing this critical issue to attention. The reported persistence of the SSH backdoor embedded in NVRAM indicates a level of sophistication that standard firmware updates may not address.

    To mitigate this threat, consider the following steps:

    • Perform a full reset of your affected routers to factory settings, if possible, to remove any residual modifications. Note that if the backdoor resides in NVRAM, this may not fully eliminate the threat.
    • Monitor network traffic closely for suspicious activity, especially unauthorized SSH connections.
    • Change all default passwords and enforce strong, unique credentials on your routers.
    • Disable SSH access if it’s not required, or restrict it to trusted IP addresses via access control lists.
    • Stay updated with firmware that specifically addresses this vulnerability; check ASUS’s official support channels regularly for patches and security updates.
    • Consider deploying network security solutions such as intrusion detection systems (IDS) for enhanced monitoring.

    Due to the persistent nature of this backdoor, it may also be advisable to replace affected devices if firmware
