Botnet Exploits 9,000 Asus Routers with Ongoing SSH Backdoor Resistant to Firmware Patches

Cybersecurity Alert: Over 9,000 ASUS Routers Compromised by Persistent Botnet Attack

In a troubling development for network security, over 9,000 ASUS routers have fallen victim to an advanced botnet attack identified as “AyySSHush.” This breach, uncovered by cybersecurity experts at GreyNoise in March 2025, exploits existing authentication vulnerabilities in the routers’ software to create a persistent SSH backdoor.

What sets this attack apart is its cunning use of legitimate features in the router’s configuration. By embedding the backdoor in the device’s non-volatile memory (NVRAM), the attackers ensure it remains intact, even after common countermeasures like firmware updates or device reboots. This makes traditional methods of remediation ineffective, as users are unable to fully eliminate the threat through standard security practices.

The implications of such a breach are serious, particularly for users who rely on these routers for secure connectivity. The persistent nature of the backdoor means that any device still running the compromised version of the router’s software could be at risk of further exploitation by malicious actors.

For individuals and organizations using affected ASUS routers, it is imperative to take immediate action. Regularly updating firmware is a critical step in maintaining security; however, users must now go beyond conventional updates and consider a thorough review of their network configurations. Exploring alternative security measures or even replacing affected devices may be necessary to safeguard personal and shared data.
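One way to carry out the configuration review described above, as an added example that is not from the original article, GreyNoise or ASUS: it audits a saved `nvram show` dump for SSH state that would survive a firmware update. The NVRAM key names (`sshd_enable`, `sshd_port`, `sshd_authkeys`), the multi-line value handling and the sample dump are assumptions; confirm them against your own device.

```python
import re

# Assumed Asuswrt NVRAM names (not from the article); confirm on your device.
ENABLE, PORT, AUTHKEYS = "sshd_enable", "sshd_port", "sshd_authkeys"
KEY_LINE = re.compile(r"^([A-Za-z0-9_.:-]+)=(.*)$")


def parse_nvram(dump):
    """Parse `nvram show` text; lines that do not start a new key continue
    the previous value (multi-line values such as authorized keys)."""
    settings, last = {}, None
    for line in dump.splitlines():
        m = KEY_LINE.match(line)
        if m:
            last = m.group(1)
            settings[last] = m.group(2)
        elif last is not None and line.strip():
            settings[last] += "\n" + line
    return settings


def audit_ssh(settings, approved_blobs, expected_port="22"):
    """Return findings for SSH state the administrator did not configure."""
    findings = []
    if settings.get(ENABLE, "0") not in ("", "0"):
        findings.append("ssh-enabled")
        port = settings.get(PORT, expected_port)
        if port != expected_port:
            findings.append("unexpected-port:" + port)
    # Keys are checked even when SSH is off: a stored key still matters if
    # the service is later re-enabled.
    for entry in settings.get(AUTHKEYS, "").splitlines():
        fields = entry.split()
        if len(fields) >= 2 and fields[1] not in approved_blobs:
            findings.append("unapproved-key:" + fields[1][:12])
    return findings


# Constructed sample dump; the port and key material are placeholders.
SAMPLE = """\
firmver=3.0.0.4
sshd_enable=1
sshd_port=50022
sshd_authkeys=ssh-rsa AAAAB3ADMINKEYEXAMPLE== admin@laptop
ssh-rsa AAAAB3UNKNOWNKEYEXAMPLE== unknown
wl0_ssid=home
"""

if __name__ == "__main__":
    for finding in audit_ssh(parse_nvram(SAMPLE), {"AAAAB3ADMINKEYEXAMPLE=="}):
        print(finding)
```

Pass the base64 blobs of the keys you installed yourself as `approved_blobs`; anything else in the stored key list is reported by its first 12 characters.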

As cyber threats continue to evolve, it is essential to remain vigilant and informed. Stay updated on the latest security advisories, and ensure that your network remains secure against potential vulnerabilities.


One Comment

  1. Thank you for bringing this critical issue to our attention. The botnet attack on ASUS routers exploiting persistent SSH backdoors is indeed concerning. To mitigate this threat, we recommend the following steps:

    • Firmware Updates: Ensure you’re running the latest firmware provided by ASUS, as manufacturers often release security patches addressing known vulnerabilities.
    • Factory Reset and Reflash: For compromised devices, perform a thorough factory reset. In some cases, reflashing the firmware with a clean, official image may help eliminate persistent backdoors, especially if they are stored in non-volatile memory.
    • Configuration Review: Review your router’s configuration settings thoroughly. Disable any unused services, especially remote SSH access, unless explicitly needed, and change default credentials.
    • Network Segmentation: Isolate your IoT devices and critical infrastructure on separate network segments to limit potential lateral movement by malicious actors.
    • Monitoring & Logging: Enable detailed logging on your routers and monitor for unusual activity that could indicate ongoing compromise.
    • Device Replacement: If your device cannot be confirmed as clean or if issues persist, consider replacing affected routers with newer models that have robust security features and verified firmware integrity.
