Version 63: Over 9,000 Asus routers targeted by a botnet assault and a stubborn SSH backdoor that remains unremovable despite firmware upgrades

BCAdmin1 Comment on Version 63: Over 9,000 Asus routers targeted by a botnet assault and a stubborn SSH backdoor that remains unremovable despite firmware upgrades

Major Security Breach: Over 9,000 ASUS Routers Compromised by Resilient Botnet Attack

In a concerning development for cybersecurity, a large-scale attack has compromised more than 9,000 ASUS routers, marking a significant threat to home and business network security. The attack, attributed to an advanced botnet known as “AyySSHush,” was uncovered in March 2025 by the cybersecurity firm GreyNoise.

The hackers exploited authentication weaknesses within the routers and cleverly leveraged legitimate device features to create a persistent SSH backdoor. What sets this attack apart is the location of the backdoor—it resides in the router’s non-volatile memory (NVRAM). This strategic placement ensures that even firmware updates and device reboots cannot eliminate the hidden threat, thereby complicating traditional remedial actions.

As more details about this incident emerge, it’s imperative for ASUS router users to remain vigilant. Given the resilience of the backdoor, users are urged to apply immediate security measures and consider reviewing their network settings, as standard recovery methods may not suffice.

This incident serves as a stark reminder of the ever-evolving nature of cybersecurity threats and the need for proactive measures to protect our digital infrastructure. Stay informed and take action to safeguard your devices against potential vulnerabilities.

Share this content:

Related Posts

One Comment

  1. Important Security Advisory for ASUS Router Users

    Thank you for sharing this critical update. The reported resilience of the SSH backdoor in ASUS routers is indeed concerning, especially since it persists despite firmware upgrades. Here are some recommended steps you can take to mitigate the risk:

    • Perform a Factory Reset: Use the reset button on your ASUS router to restore default settings. Be aware that if the backdoor resides in NVRAM, a reset alone might not fully remove it, but it can help eliminate malicious configurations or unauthorized access sessions.
    • Manually Re-flash Firmware: Download the latest firmware from the official ASUS support website, avoiding any firmware versions that may be compromised. Consider performing a manual firmware flash via TFTP or the router’s recovery mode for a thorough clean installation.
    • Reset NVRAM Settings (if supported): Some ASUS models allow for NVRAM reset or clearing via command-line interface or through the recovery firmware. Refer to your device’s documentation for exact procedures.
    • Change Administrator Passwords: Immediately update your admin passwords to strong, unique credentials to prevent unauthorized access through backdoors.
    • Disable Unnecessary Services: Disable SSH and other remote management services if not in use, or restrict access with IP whitelisting.
    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *