Version 58: Over 9,000 Asus routers compromised by a persistent botnet and SSH backdoor impervious to firmware updates

BCAdmin1 Comment on Version 58: Over 9,000 Asus routers compromised by a persistent botnet and SSH backdoor impervious to firmware updates

Major Cybersecurity Breach: 9,000 ASUS Routers Compromised by Botnet Attack

In a concerning development for network security, a large-scale cybersecurity breach has impacted more than 9,000 ASUS routers. This incident stems from a sophisticated botnet known as “AyySSHush,” which was brought to light by cybersecurity experts at GreyNoise in March 2025.

What makes this attack particularly alarming is its ability to exploit existing authentication vulnerabilities and leverage the features of the routers to create a persistent SSH backdoor. This backdoor is not simply a temporary flaw; it is entrenched within the router’s non-volatile memory (NVRAM). As a result, even attempts to restore the router through firmware updates or device reboots will not eliminate the threat.

This revelation underscores the critical need for robust cybersecurity measures and highlights the vulnerabilities that can exist within even widely-used devices. Users of affected ASUS routers are urged to take immediate action to secure their networks and consider alternative solutions to mitigate the risks.

Stay informed and proactive about your network security to protect against such sophisticated cyber threats.

Share this content:

Related Posts

One Comment

  1. Important Recommendations for Securing Your ASUS Router

    Given the severity of the reported breach, it is crucial to implement multiple layers of security measures. Here are some steps you can take:

    • Change Default Credentials: Immediately update your router’s admin username and password to strong, unique credentials to prevent unauthorized access.
    • Disable SSH Access: If SSH is not essential for your network operations, disable it via the router’s admin interface to prevent backdoor exploitation.
    • Update Firmware (if available): While the report indicates that the backdoor persists beyond firmware updates, ensure your router’s firmware is up-to-date with the latest official releases from ASUS, as manufacturers may release security patches addressing vulnerabilities.
    • Monitor Network Traffic: Use network monitoring tools to detect unusual activity that may indicate ongoing compromise.
    • Segment Your Network: Create separate networks for IoT devices and critical systems to limit potential lateral movement by attackers.
    • Perform a Factory Reset: Consider performing a factory reset and reconfiguring your device with secure settings. However, be aware that persistent malware may reside in NVRAM; consulting ASUS support or a professional security service might be necessary for thorough remediation.
    • Replace Compromised Devices:
    Reply

Leave a Reply to [email protected] Cancel reply

Your email address will not be published. Required fields are marked *