Major Cybersecurity Breach: Over 9,000 ASUS Routers Targeted by Persistent Botnet Attack
In a troubling development for network security, more than 9,000 ASUS routers have been compromised by a sophisticated botnet known as “AyySSHush.” This alarming discovery was made by cybersecurity experts at GreyNoise in March 2025.
The attack takes advantage of specific authentication vulnerabilities within the routers. What sets this incident apart is the unique approach taken by the attackers. They have leveraged legitimate features of the routers to create a persistent SSH backdoor, which is alarmingly embedded in the non-volatile memory (NVRAM) of the devices. This means that even routine firmware updates or device reboots will not erase the backdoor, posing a significant challenge for users attempting to secure their systems.
As cybersecurity threats continue to evolve, this incident underscores the importance of staying informed and proactive in safeguarding home and business networks. Standard remediation techniques may no longer suffice, emphasizing the need for ongoing vigilance in the face of such complex and persistent threats. Security professionals and users alike must take heed of these developments as they navigate the increasingly challenging landscape of cybersecurity.
Share this content:
Thank you for bringing this critical issue to our attention.
This cybersecurity breach involving ASUS routers with persistent SSH backdoors is indeed concerning. Given that the backdoor resides in the NVRAM and withstands firmware updates or reboots, traditional methods of securing your device may not be sufficient.
Here are some steps you can take to mitigate this threat: