Version 64: Over 9,000 Asus routers infected by a botnet exploit and an enduring SSH backdoor resistant to firmware patches

Major Security Breach: Over 9,000 ASUS Routers Compromised by Botnet Attack

More than 9,000 ASUS routers have been compromised in a campaign tied to a botnet that GreyNoise calls “AyySSHush.” GreyNoise first observed the activity in March 2025. The attackers gain administrative access by attacking the router’s login (credential brute-forcing and authentication bypass) and then, rather than dropping malware, use the router’s own built-in settings to enable the SSH service and add an attacker-controlled authorized key, leaving a persistent SSH backdoor.

What makes this attack particularly alarming is where the backdoor lives. Because the SSH settings and the key are written to the router’s non-volatile configuration store (NVRAM) rather than to the firmware image, they survive both reboots and firmware upgrades: flashing a patched firmware closes the hole used to get in but leaves the backdoor in place. Removing it requires clearing that stored configuration, which in practice means a factory reset followed by manual reconfiguration, not a firmware update alone.

The implications are significant. An attacker with SSH access to a router sits on every connection that passes through it and can read, redirect or tamper with network traffic. ASUS router owners should audit the router’s SSH settings for a listener, port or authorized key they did not configure themselves, replace any default credentials, and monitor network traffic for unusual activity such as unexpected inbound connections.

As the cybersecurity landscape continues to evolve, this incident serves as a crucial reminder of the importance of robust security practices and regular updates to safeguard against emerging threats.


One Comment

  1. Thank you for bringing this critical security issue to our attention. Given the sophistication of the attack described, especially the persistence of the SSH backdoor embedded in NVRAM, standard firmware updates may not be sufficient to eliminate this vulnerability.

    To mitigate this threat, consider the following steps:

    • Reset the Router to Factory Defaults: Perform a full reset to erase any residual malicious configurations. Access your router’s admin interface and initiate a factory reset.
    • Re-flash Firmware from Trusted Sources: Download the latest firmware directly from the official ASUS support site, ensuring you are applying a clean, unaltered version.
    • Disable Unnecessary Services: Turn off SSH access if it’s not required, or restrict SSH access to trusted networks. Review and disable any unfamiliar or unnecessary services.
    • Change Default Credentials and Network Settings: Update default passwords, enable strong authentication mechanisms, and consider changing network SSIDs and Wi-Fi passwords.
    • Monitor Network Traffic: Use network monitoring tools to detect unusual activity, such as unexpected connections or high data transfer volumes.
    • Consider Hardware Replacement: Since the backdoor is embedded in NVRAM, in cases of persistent compromise, replacing the router may be the most secure option.

    Additionally, consult ASUS security advisories
