Major Security Breach: 9,000 ASUS Routers Compromised by Botnet Attack

In a concerning development within the realm of cybersecurity, over 9,000 ASUS routers have fallen victim to a sophisticated botnet attack, known as “AyySSHush.” This alarming breach, uncovered by the cybersecurity experts at GreyNoise in March 2025, highlights critical vulnerabilities that are actively being exploited by malicious actors.

The attack takes advantage of weaknesses in the router’s authentication system, leveraging legitimate features to create a lasting SSH backdoor. What sets this incident apart is the method of persistence: the backdoor is embedded deep within the router’s non-volatile memory (NVRAM). This design allows it to remain intact even through routine firmware updates and device reboots, which undermines traditional efforts to remediate such security threats.

As a result, users are left in a precarious position, as conventional methods of securing their devices prove ineffective against this evolving and increasingly insidious threat. It’s crucial for individuals and organizations relying on ASUS routers to remain vigilant and to consider additional protective measures. Keeping firmware up to date is always advisable, but in light of this incident, users may also need to explore alternative security options.

Stay informed about the latest cybersecurity developments and take proactive steps to ensure your devices remain secure. As this situation exemplifies, the landscape of digital threats is ever-changing, making awareness and preparedness essential.