Version 49: Over 9,000 Asus routers hacked through a botnet and a hidden SSH backdoor impervious to firmware updates

Critical Security Breach: Over 9,000 ASUS Routers Affected by Botnet Attack

More than 9,000 ASUS routers have been compromised by a sophisticated botnet operation known as “AyySSHush.” The incident was unveiled in March 2025 by the cybersecurity research firm GreyNoise, and it highlights the vulnerabilities that can compromise home networking equipment.

The attack leverages specific authentication weaknesses in the router’s architecture and then uses legitimate router functions to create a persistent SSH backdoor. The most concerning aspect of the breach is that the backdoor is stored in the router’s non-volatile memory (NVRAM). Because it lives in NVRAM rather than in the firmware image, the backdoor remains intact after firmware updates and device reboots, which makes it exceptionally difficult for users and IT professionals to eliminate the threat through conventional means.

Users of affected ASUS routers should approach this situation with caution. Given the severity and complexity of the ongoing threat, it is crucial to stay informed about protective measures and updates from ASUS. Incidents like this one are a reminder of the importance of robust cybersecurity practices in safeguarding personal and professional networks.
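Since the backdoor described above persists as router settings in NVRAM, a saved `nvram show` dump can be audited for SSH configuration nobody on the network set up. The following is an added example, not code from GreyNoise or ASUS; the variable names `sshd_enable`, `sshd_port` and `sshd_authkeys`, the fingerprint allowlist and all sample values are assumptions to verify against your own device.

```python
import base64
import hashlib
import re

# Assumed Asuswrt NVRAM variable names; confirm against your model's `nvram show`.
SSH_ENABLE, SSH_PORT, SSH_KEYS = "sshd_enable", "sshd_port", "sshd_authkeys"

def parse_nvram(dump):
    """Parse key=value lines; only the first '=' splits, values may contain more."""
    cfg = {}
    for line in dump.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip():
            cfg[key.strip()] = value.strip()
    return cfg

def fingerprints(value):
    """OpenSSH-style SHA256 fingerprints of every public-key blob in a value."""
    result = []
    for blob in re.findall(r"AAAA[0-9A-Za-z+/]+=*", value):
        try:
            raw = base64.b64decode(blob, validate=True)
        except ValueError:  # truncated or corrupted blob
            result.append("unparseable:" + blob[:16])
            continue
        digest = base64.b64encode(hashlib.sha256(raw).digest()).decode()
        result.append("SHA256:" + digest.rstrip("="))
    return result

def audit(dump, known_fingerprints, expected_port="22"):
    """Return findings for SSH settings that persist in NVRAM."""
    cfg, findings = parse_nvram(dump), []
    if cfg.get(SSH_ENABLE, "0") != "0":
        findings.append(f"SSH daemon enabled ({SSH_ENABLE}={cfg[SSH_ENABLE]})")
        port = cfg.get(SSH_PORT, "")
        if port != expected_port:
            findings.append(f"SSH on unexpected port {port!r}")
    # Stored keys matter even while SSH is off: they take effect if it is re-enabled.
    for fp in fingerprints(cfg.get(SSH_KEYS, "")):
        if fp not in known_fingerprints:
            findings.append(f"unrecognised authorized key {fp}")
    return findings

# Constructed sample: an all-zero ed25519 blob and a made-up port, not real indicators.
SAMPLE_KEY = base64.b64encode(b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes(32)).decode()
SAMPLE_DUMP = f"wan_proto=dhcp\n{SSH_ENABLE}=1\n{SSH_PORT}=50022\n{SSH_KEYS}=ssh-ed25519 {SAMPLE_KEY} constructed\n"

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_DUMP, known_fingerprints=set())))
```

Run it on dumps taken before and after a firmware update: a finding that appears in both is a setting the update did not clear.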


One Comment

  1. Thank you for sharing this important security update. If you’re an ASUS router user impacted by this breach, here are some steps you can take to mitigate the risk:

    • Update Firmware: Ensure your router is running the latest firmware provided directly by ASUS, as they may release security patches addressing this vulnerability. Visit the ASUS Support website and verify your device’s firmware version.
    • Perform a Factory Reset: While the backdoor is stored in NVRAM, performing a factory reset can help remove any malicious configurations or persistent modifications. Follow the manufacturer’s instructions for a full reset.
    • Secure SSH Access: Disable SSH access if not needed, or change default credentials, and enable strong, unique passwords.
    • Monitor Network Traffic: Use network monitoring tools to detect unusual outbound connections or behaviors that could indicate compromise.
    • Consider Replacing Affected Devices: Given the documented persistence of the backdoor, replacing the affected routers may be the most secure option, especially if firmware updates and resets don’t resolve the issue.
    • Stay Informed: Regularly check ASUS security advisories and trusted cybersecurity news sources for updates on this vulnerability and recommended protective measures.

    Additionally, it’s advisable to segment your network—use separate networks for trusted devices and IoT gadgets, and implement
