Major Cybersecurity Breach: Over 9,000 ASUS Routers Compromised by Persistent Botnet
In a troubling revelation for network security, more than 9,000 ASUS routers have fallen victim to a sophisticated cyberattack, marked by a botnet identified as “AyySSHush.” Uncovered by the cybersecurity experts at GreyNoise in March 2025, this incident highlights alarming vulnerabilities within router authentication protocols.
The AyySSHush botnet capitalizes on legitimate features inherent to the routers, facilitating the creation of a persistent SSH backdoor. What sets this attack apart is the backdoor’s integration into the router’s non-volatile memory (NVRAM), a maneuver that allows it to bypass traditional security measures, including firmware updates and device reboots. This persistence means that even after attempts to refresh or restore the device, the backdoor remains unaffected, posing an ongoing risk to users.
As consumers and businesses rely increasingly on connected devices, this breach underscores the necessity for robust security practices and awareness. Users of ASUS routers are urged to remain vigilant and consider implementing additional protective measures to safeguard their networks from potential exploitation.
Share this content:
