Title: Major Security Breach: Over 9,000 ASUS Routers Compromised by Botnet Attack
In a concerning development for internet security, more than 9,000 ASUS routers have fallen victim to a sophisticated botnet attack, known as “AyySSHush.” This alarming breach was uncovered in March 2025 by the cybersecurity firm GreyNoise, highlighting vulnerabilities in the authentication protocols of these devices.
The attack exploits inherent flaws in router security, taking advantage of legitimate functionalities to create a persistent SSH backdoor within the devices. What sets this incident apart is the backdoor’s placement in the router’s non-volatile memory (NVRAM). This strategic positioning ensures that, even with firmware updates or restarts, the infiltration remains intact, making traditional security measures ineffective.
As the digital landscape becomes increasingly complex, this breach underlines the critical importance of timely security updates and robust authentication mechanisms for all internet-connected devices. Users are strongly advised to secure their routers and monitor their network for any unusual activity to mitigate the risks associated with this ongoing threat.
Share this content:
Thank you for sharing this important information. The persistence of the SSH backdoor in ASUS routers, especially stored in NVRAM, poses a significant security risk that traditional firmware updates may not fully address. For affected devices, I recommend the following steps:
In the long term, consider deploying routers with robust security features and regularly applying firmware updates from trusted sources. Ensuring network security involves a multi-layered approach, especially against persistent threats like this.