Version 72: Over 9,000 Asus routers affected by a botnet assault and an enduring SSH vulnerability resistant to firmware patches

BCAdmin1 Comment on Version 72: Over 9,000 Asus routers affected by a botnet assault and an enduring SSH vulnerability resistant to firmware patches

Title: Security Breach: Over 9,000 ASUS Routers Infiltrated by Persistent Botnet Attack

In a troubling cybersecurity development, more than 9,000 ASUS routers have fallen victim to a sophisticated botnet attack known as “AyySSHush.” This alarming incident, uncovered by cybersecurity experts at GreyNoise in March 2025, highlights significant vulnerabilities in the authentication protocols of these widely used devices.

The attack capitalizes on inherent router features to create a persistent SSH backdoor, which is cleverly designed to remain undetectable even after firmware updates and device restarts. This design flaw lies within the router’s non-volatile memory (NVRAM), meaning that once compromised, the backdoor can survive typical remediation attempts that would ordinarily restore the device to a secure state.

As the digital landscape continues to evolve, this incident serves as a stark reminder of the importance of maintaining robust security measures for home and office networking equipment. Users of ASUS routers should be particularly vigilant and consider implementing enhanced security practices to safeguard their devices from such threats.

Share this content:

Related Posts

One Comment

  1. Technical Support Guidance for ASUS Router Vulnerability

    Thank you for sharing this important security update. The persistence of the SSH backdoor in ASUS routers due to NVRAM storage poses a significant challenge. Here are some steps you can take to mitigate the risk:

    • Firmware Updates: Ensure your router is running the latest firmware provided directly by ASUS. Although the vulnerability may persist despite updates, manufacturers often release patches or workarounds addressing such issues.
    • Reset to Factory Settings: Perform a factory reset of your device to erase existing configurations. Keep in mind this may not remove the NVRAM-resident backdoor if it resides at a hardware level;
    • Hardware Replacement: Given the persistence of this vulnerability, consider replacing affected routers, especially if they are outdated or no longer receiving security updates.
    • Enhanced Security Measures: Change default passwords, disable remote management features if not needed, and enable network segmentation to limit potential attack surfaces.
    • Monitor Network Traffic: Regularly review your network logs for unusual activity, which could indicate an ongoing breach or malware activity.

    Additionally, stay informed by subscribing to cybersecurity advisories and ASUS

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *