Major Cybersecurity Breach: Over 9,000 ASUS Routers Compromised by Resilient Botnet Attack
In a concerning development for home network security, a sophisticated botnet attack has compromised more than 9,000 ASUS routers. Identified as “AyySSHush,” this threat was brought to light in March 2025 by the cybersecurity experts at GreyNoise, who uncovered its alarming mechanics.
The attack takes advantage of authentication vulnerabilities inherent in the routers, allowing perpetrators to exploit legitimate features of the devices. Once infiltrated, the routers are subjected to a persistent SSH backdoor, a malicious access point that remains lodged in the router’s non-volatile memory (NVRAM). This means that even if users attempt to update their firmware or restart their devices, the backdoor remains operational—thwarting traditional remediation strategies.
As the implications of this breach unfold, users of affected ASUS routers are urged to take immediate precautionary measures. It’s vital to monitor network activity closely and consider implementing additional security protocols to safeguard personal data. This incident underscores the importance of robust cybersecurity practices, especially in an era where more devices are connected to home networks than ever before.
Stay vigilant and ensure your network security is stronger than ever.
Share this content:
Thanks for sharing this important update. The persistence of the SSH backdoor in compromised ASUS routers highlights the challenges in addressing firmware vulnerabilities once they are exploited by sophisticated threats like the AyySSHush botnet. Even firmware updates may not fully eliminate such malicious entries if the backdoor resides in non-volatile memory (NVRAM).
In cases like this, I recommend the following steps:
It’s also prudent to keep an eye on official security advisories from ASUS and cybersecurity sources for any patches or mitigation steps specific to your router model.
Stay vigilant, and don’t hesitate to reach out for