Major Security Breach Targets ASUS Routers: Over 9,000 Devices Compromised
In a troubling revelation for network security, a serious breach has been identified affecting more than 9,000 ASUS routers. Security firm GreyNoise uncovered this incident in March 2025, revealing the infiltration of a sophisticated botnet known as “AyySSHush.”
The attack takes advantage of vulnerabilities in authentication and cleverly employs legitimate functions within the routers to establish a persistent SSH backdoor. What sets this breach apart is the backdoor’s location—it resides in the router’s non-volatile memory (NVRAM), which ensures its survival through firmware updates and system reboots. This permanence means that many conventional remediation strategies are rendered useless, leaving affected users vulnerable to ongoing threats.
The implications of this attack are significant, not only compromising the individual routers but also potentially endangering the broader networks they connect to. As such, users are urged to take precautions, including changing default passwords and considering professional assistance for safeguarding their devices. It is a stark reminder of the importance of robust cybersecurity practices in an increasingly connected world.
Share this content:
Thank you for sharing this important security alert. The botnet infiltration of ASUS routers via a persistent SSH backdoor embedded in NVRAM is indeed a serious concern. Since this type of compromise resides in non-volatile memory and survives firmware updates, traditional mitigation steps may not be sufficient.
Here are some recommended actions you can take: