Major Security Breach: Over 9,000 ASUS Routers Compromised by Persistent Botnet
More than 9,000 ASUS routers have been compromised in a sophisticated botnet campaign. Cybersecurity experts at GreyNoise identified the campaign, referred to as “AyySSHush,” in March 2025. It leverages critical authentication vulnerabilities to infiltrate affected devices.
The attackers exploit legitimate features within the routers to implant a persistent SSH backdoor. What sets this backdoor apart is its placement within the router’s non-volatile memory (NVRAM). Because it sits there, neither firmware updates nor device reboots eliminate the threat, which makes conventional remediation efforts futile.
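Because the backdoor sits in stored settings rather than in the firmware image, a defender's check has to inspect those settings. The following is an added example, not code from GreyNoise or ASUS, that audits a saved settings dump for an unexpected SSH port and for stored public keys that are not on an approved list. The `key=value` dump format, the setting names `sshd_enable`, `sshd_port` and `sshd_authkeys`, and every sample value are assumptions.

```python
import re

# Assumed setting names for the SSH service in an Asuswrt-style NVRAM dump;
# confirm them on your own firmware before relying on this.
SSH_ENABLE, SSH_PORT, SSH_KEYS = "sshd_enable", "sshd_port", "sshd_authkeys"

# Matches "<key type> <base64 blob>" wherever it sits in the stored value,
# so the separator between stored keys does not matter.
KEY_RE = re.compile(r"(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-\S+)\s+([A-Za-z0-9+/=]+)")

def parse_dump(text):
    """Parse key=value lines; the value may itself contain '='."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip():
            settings[key.strip()] = value.strip()
    return settings

def audit(dump_text, approved_blobs, expected_port="22"):
    """Return (finding, detail) tuples for SSH settings that need review."""
    settings = parse_dump(dump_text)
    findings = []
    enabled = settings.get(SSH_ENABLE, "0") not in ("", "0")
    port = settings.get(SSH_PORT, expected_port)
    if enabled and port != expected_port:
        findings.append(("unexpected_port", port))
    # Stored keys are reported even when SSH is off: they become usable
    # again as soon as the service is re-enabled.
    for key_type, blob in KEY_RE.findall(settings.get(SSH_KEYS, "")):
        if blob not in approved_blobs:
            findings.append(("unapproved_key", f"{key_type} {blob}"))
    return findings

# Constructed sample dump; none of these values come from a real device.
SAMPLE_DUMP = """\
wan_proto=dhcp
sshd_enable=1
sshd_port=40022
sshd_authkeys=ssh-rsa AAAAB3CONSTRUCTEDADMINKEY admin@laptop ssh-ed25519 AAAAC3CONSTRUCTEDUNKNOWNKEY
"""

if __name__ == "__main__":
    for finding, detail in audit(SAMPLE_DUMP, {"AAAAB3CONSTRUCTEDADMINKEY"}):
        print(f"{finding}: {detail}")
```

Running the same audit before and after a firmware update shows whether the update changed any of these stored values.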
As cybersecurity professionals work tirelessly to address the issue, this incident serves as a stark reminder of the importance of robust security measures and regular monitoring of network devices. For ASUS router users, vigilance is paramount as the persistence of the “AyySSHush” botnet underscores the need for heightened awareness and proactive security practices in the face of evolving cyber threats.
Thank you for sharing this important information. The persistence of the backdoor in affected ASUS routers highlights the importance of comprehensive security measures beyond conventional firmware updates. In cases like this, I recommend the following steps:
If the backdoor is embedded within NVRAM, it may necessitate hardware-level intervention or contacting ASUS support for specialized removal procedures. Staying vigilant and adopting a layered security approach is crucial to protect your network from such persistent threats.