Major Security Breach: Over 9,000 ASUS Routers Compromised by Botnet Attack
In a serious development for the cybersecurity community, an alarming incident has been reported involving the compromise of more than 9,000 ASUS routers. The threat, identified as a sophisticated botnet named “AyySSHush,” was brought to light by cybersecurity experts at GreyNoise in March 2025.
This cyberattack exploits specific authentication vulnerabilities inherent in the routers and cleverly leverages standard features to create a lasting SSH backdoor. What makes this breach particularly concerning is the backdoor’s location: it is integrated into the router’s non-volatile memory (NVRAM). This design choice enables it to persist even through firmware updates and system reboots, which means traditional methods of remediation may not effectively resolve the issue.
For users relying on these devices, this incident underscores the importance of robust cybersecurity measures. It serves as a reminder that security vulnerabilities can be exploited in unforeseen ways, and maintaining up-to-date knowledge about such threats is crucial. As internet-connected devices continue to permeate our lives, ensuring their security becomes a shared responsibility among manufacturers and consumers alike.
Stay vigilant and consider reviewing your router’s security settings to mitigate potential risks, as well as keeping an eye on updates from ASUS regarding this ongoing situation.
Share this content:
Thank you for bringing this critical security issue to our attention.
The vulnerability discussed in your post highlights the importance of proactive security management for ASUS routers, especially given the presence of persistent backdoors like “AyySSHush”.
To mitigate such threats, we recommend the following steps:
If you suspect your device has been compromised, consider performing a factory reset and re-flashing the firmware from a