Version 59: Over 9,000 Asus routers infected by a persistent botnet assault and an enduring SSH backdoor, immune to firmware patching

BCAdmin1 Comment on Version 59: Over 9,000 Asus routers infected by a persistent botnet assault and an enduring SSH backdoor, immune to firmware patching

Urgent Security Alert: Over 9,000 ASUS Routers Compromised by Advanced Botnet Attack

In a troubling revelation for cybersecurity, more than 9,000 ASUS routers have fallen victim to an advanced botnet attack, known as “AyySSHush.” This significant breach was uncovered by cybersecurity experts at GreyNoise in March 2025, highlighting the dangers posed by authentication vulnerabilities inherent in many networking devices.

The AyySSHush botnet takes advantage of legitimate features within the routers to create a persistent SSH backdoor. One alarming aspect of this security breach is that the backdoor is lodged in the router’s non-volatile memory (NVRAM). As a result, it remains intact even through firmware updates and device restarts, thwarting conventional methods of remediation.

As various stakeholders from individual users to businesses increasingly rely on such devices, this incident underscores the pressing need for enhanced vigilance and robust security measures. Router owners are strongly advised to evaluate their security protocols and stay informed about emerging threats in the ever-evolving landscape of cybersecurity.

Stay tuned to our blog for continued updates on this situation and more essential tips on how to safeguard your devices from similar attacks.

Share this content:

Related Posts

One Comment

  1. Thank you for sharing this critical update. The persistence of the AyySSHush botnet and its ability to embed itself within the router’s non-volatile memory (NVRAM) indeed pose a serious challenge for traditional firmware-based remediation methods. In such cases, standard firmware updates may not be sufficient to remove the backdoor.

    To mitigate this threat, I recommend the following steps:

    • Factory Reset: Perform a comprehensive factory reset of the affected ASUS routers. This can sometimes clear malicious configurations, but be aware that if the malware resides in NVRAM, it may still persist after reset.
    • Reflashing Firmware: If possible, try to reflash the firmware with a clean, verified image directly from ASUS. Using a TFTP or serial connection to load firmware in the low-level recovery mode might be more effective than standard firmware updates.
    • Advanced Cleaning: Given the persistence of the backdoor, consider using specialized security tools or contacting ASUS support for guidance on advanced cleaning procedures or hardware replacement options.
    • Network Monitoring and Segmentation: Isolate affected devices on their own network segment and implement strict access controls to prevent further compromise or lateral movement.
    • Security Best Practices: Regularly change default credentials, disable unnecessary services, and monitor outbound traffic for suspicious activity to reduce the risk of
    Reply

Leave a Reply to [email protected] Cancel reply

Your email address will not be published. Required fields are marked *