Version 47: Over 9,000 ASUS routers hijacked through a botnet and a stubborn SSH backdoor immune to firmware updates

Major Cybersecurity Breach: Over 9,000 ASUS Routers Compromised by Persistent Botnet

In a concerning development for network security, more than 9,000 ASUS routers have been compromised in a sophisticated botnet campaign identified as “AyySSHush.” The campaign came to light in March 2025 through the work of the cybersecurity company GreyNoise.

The attack exploits authentication weaknesses in the affected routers and uses legitimate router features to implant a persistent SSH backdoor. The backdoor is particularly alarming because it is stored in the router's non-volatile memory (NVRAM). As a result, it survives firmware updates and device reboots, which means that routine measures such as updating or restarting the device may not sufficiently mitigate the threat.

The implications of this incident are significant: it compromises individual devices and potentially jeopardizes the networks they support. Users of ASUS routers are urged to remain vigilant and take proactive measures to secure their devices, as this incident underscores the importance of robust cybersecurity practices in today’s increasingly connected world.

In light of this breach, it is crucial for both individual users and organizations to understand the necessary steps to safeguard their networks. Keeping your firmware up to date, regularly monitoring network activity, and considering the use of additional security measures can significantly reduce the risk of similar attacks in the future.
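
One way to check for the NVRAM-resident SSH persistence described above is to audit a saved `nvram show` dump against your own baseline. This is an added example, not code from the original article, ASUS or GreyNoise. The variable names `sshd_enable`, `sshd_port` and `sshd_authkeys` are assumed Asuswrt-style names, and the dump, port and keys are constructed sample data.

```python
import base64, binascii, hashlib, re

# Assumption: Asuswrt-style NVRAM variable names; confirm them on your firmware.
SSH_ENABLE, SSH_PORT, SSH_KEYS = "sshd_enable", "sshd_port", "sshd_authkeys"
NAME_RE = re.compile(r"^([A-Za-z0-9_.:-]+)=(.*)$")
KEY_RE = re.compile(r"\b(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-[\w-]+)\s+([A-Za-z0-9+/]+={0,2})")

# Constructed sample data: not real keys, ports or settings from any device.
TRUSTED = "ssh-ed25519 Q09OU1RSVUNURUQtQURNSU4tS0VZ admin@laptop"
SAMPLE_DUMP = """sshd_enable=1
sshd_port=50022
sshd_authkeys=ssh-ed25519 Q09OU1RSVUNURUQtQURNSU4tS0VZ admin@laptop
ssh-rsa Q09OU1RSVUNURUQtT1RIRVItS0VZ unknown
http_enable=0
"""

def parse_nvram(text):
    """Parse a saved `nvram show` dump; lines without name= continue the previous value."""
    settings, current = {}, None
    for line in text.splitlines():
        m = NAME_RE.match(line)
        if m:
            current = m.group(1)
            settings[current] = m.group(2)
        elif current is not None:
            settings[current] += "\n" + line
    return settings

def fingerprint(blob):
    """SHA256 fingerprint of a key blob, in the form `ssh-keygen -l` prints."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return "undecodable:" + blob[:16]
    return "SHA256:" + base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")

def audit(dump, trusted_keys="", ssh_expected=False, expected_port=None):
    """Return findings where SSH settings in the dump differ from the operator's baseline."""
    nv, findings = parse_nvram(dump), []
    enabled = nv.get(SSH_ENABLE, "0") not in ("", "0")
    if enabled and not ssh_expected:
        findings.append(f"SSH is enabled ({SSH_ENABLE}={nv[SSH_ENABLE]}) but not expected")
    if enabled and expected_port is not None and nv.get(SSH_PORT) != str(expected_port):
        findings.append(f"SSH port is {nv.get(SSH_PORT)}, baseline is {expected_port}")
    trusted = {blob for _, blob in KEY_RE.findall(trusted_keys)}
    for ktype, blob in KEY_RE.findall(nv.get(SSH_KEYS, "")):
        if blob not in trusted:
            findings.append(f"untrusted {ktype} key {fingerprint(blob)}")
    return findings
```

Calling `audit(SAMPLE_DUMP, TRUSTED)` reports the unexpected SSH service and the one key that is not in the baseline. Running the same check again after a firmware update shows whether the settings persisted.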


One Comment

  1. Thank you for sharing this important security update. The ASUS router vulnerability described is indeed concerning, especially since the SSH backdoor is stored in NVRAM and persists across firmware updates. To help protect your network from such threats, I recommend the following measures:

    • Immediate Firmware Update: Ensure your ASUS router is running the latest firmware version provided by ASUS, as updates often include security patches that may address known vulnerabilities.
    • Reset to Factory Settings: Since the backdoor resides in NVRAM, performing a factory reset can help remove persistent modifications. After resetting, reconfigure your device carefully and change default passwords.
    • Secure Authentication: Disable unnecessary remote administration features and use strong, unique passwords for your router’s login credentials.
    • Network Monitoring: Regularly monitor your network traffic for unusual activity, such as unexpected SSH connections or unfamiliar IP addresses.
    • Additional Security Measures: Consider deploying network segmentation, enabling VPNs for remote access, and using intrusion detection systems (IDS) for enhanced security.
    • Stay Informed: Keep an eye on advisories from ASUS and cybersecurity communities to stay updated on evolving threats and recommended actions.

    If you suspect your device
