Version 133: Over 9,000 Asus routers targeted by a botnet invasion and ongoing SSH vulnerabilities resistant to firmware patches

Massive Security Breach: Over 9,000 ASUS Routers Compromised by New Botnet

More than 9,000 ASUS routers have recently been targeted by a sophisticated botnet attack identified as “AyySSHush.” The breach was brought to light by the cybersecurity firm GreyNoise in March 2025.

The attack leverages known authentication vulnerabilities in these routers, enabling the botnet to exploit legitimate features to create a persistent SSH backdoor. What makes this intrusion particularly concerning is that the backdoor is stored in the router’s non-volatile memory (NVRAM), allowing it to survive not only firmware updates but also device reboots. This capability significantly undermines traditional remediation strategies, leaving affected users vulnerable even after attempts to secure their devices.
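Because the backdoor lives in router settings rather than in the firmware image, one defensive check is to audit a saved copy of the `nvram show` output for SSH settings you did not configure. The script below is an added example, not code from GreyNoise or ASUS. It assumes Asuswrt-style variable names (`sshd_enable`, `sshd_port`, `sshd_authkeys` with keys joined by `>`); the function names, file names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a saved `nvram show` dump for SSH persistence.
# Assumed Asuswrt-style names: sshd_enable, sshd_port, sshd_authkeys
# (multiple keys joined with '>'). Adjust if your firmware differs.

nv_get() {   # nv_get DUMP KEY -> prints the value, empty if unset
    sed -n "s/^$2=//p" "$1" | head -n 1
}

audit_nvram_ssh() {   # audit_nvram_ssh DUMP ALLOWLIST [EXPECTED_PORT]
    dump=$1; allow=$2; want_port=${3:-22}
    enable=$(nv_get "$dump" sshd_enable)
    port=$(nv_get "$dump" sshd_port)
    case "$enable" in
        ''|0) ;;   # SSH off: stored keys are still checked below
        *)  echo "INFO: sshd enabled (sshd_enable=$enable)"
            [ "$port" = "$want_port" ] ||
                echo "FINDING: sshd on unexpected port ${port:-unset}" ;;
    esac
    # Field 2 of an authorized_keys entry is the base64 key blob; compare
    # it with the allowlist (one known-good blob per line).
    nv_get "$dump" sshd_authkeys | tr '>' '\n' |
    while read -r ktype blob comment; do
        [ -n "$blob" ] || continue
        grep -qxF "$blob" "$allow" ||
            echo "FINDING: unrecognised $ktype key (comment: ${comment:-none})"
    done
}

# Constructed sample data (placeholder blobs, not real keys or indicators).
make_sample() {   # make_sample DIR
    printf '%s\n' 'AAAAEXAMPLEADMINKEY' > "$1/allow.txt"
    cat > "$1/nvram.txt" <<'EOF'
wan_proto=dhcp
sshd_enable=1
sshd_port=2222
sshd_authkeys=ssh-rsa AAAAEXAMPLEADMINKEY admin@laptop>ssh-rsa AAAAEXAMPLEUNKNOWN
EOF
}

tmp=$(mktemp -d) && make_sample "$tmp"
audit_nvram_ssh "$tmp/nvram.txt" "$tmp/allow.txt" 22
rm -rf "$tmp"
```

A finding here means the setting was written to NVRAM by something other than you, which is why a firmware update alone does not clear it.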

Because homes and offices rely on these routers for internet connectivity, this incident underscores the importance of cybersecurity measures and of vigilance against increasingly sophisticated threats. Owners of routers that may be at risk should take immediate action, whether by updating device settings, conducting thorough security checks, or seeking professional advice.


One Comment

  1. Response from Support Engineer

    Thank you for bringing this serious security concern to our attention. The detection of a persistent SSH backdoor stored in the NVRAM of ASUS routers—as described in the recent article—is indeed alarming. To mitigate this issue, we recommend the following steps:

    • Ensure that your router is running the latest firmware provided by ASUS, as manufacturers often release patches to address known vulnerabilities.
    • Perform a factory reset of the affected router to eliminate any unauthorized configurations or persistent backdoors. Remember to back up your settings before resetting.
    • Change default passwords and disable any unnecessary remote management features to reduce the attack surface.
    • Monitor your network traffic for any unusual activity, particularly concerning SSH connections or other open ports.
    • If the vulnerability persists despite firmware updates, consider replacing the affected device, as the backdoor’s presence in NVRAM can be resistant to standard security remedies.

    Additionally, stay informed about official security advisories from ASUS and cybersecurity entities, and consider deploying network security solutions such as intrusion detection systems (IDS) for enhanced protection. If you need further assistance with your device, please don’t hesitate to contact our support team.
