Version 73: Over 9,000 Asus routers targeted by a botnet infiltration and a stubborn SSH backdoor resistant to firmware patches

Major Cybersecurity Breach: Over 9,000 ASUS Routers Compromised by “AyySSHush” Botnet

In a troubling development, more than 9,000 ASUS routers have fallen victim to a sophisticated cyberattack involving a resilient botnet known as “AyySSHush.” This alarming incident, first identified by the cybersecurity firm GreyNoise in March 2025, highlights the vulnerabilities present in certain authentication protocols that power these devices.

The attack takes advantage of legitimate features within the router’s capabilities, enabling the establishment of a persistent SSH backdoor. This backdoor is particularly concerning as it resides in the router’s non-volatile memory (NVRAM). As a result, it remains intact even through firmware updates or device reboots, which means that traditional methods of rectifying security flaws may not be sufficient to eliminate this threat.

As cybercriminals become increasingly sophisticated, this incident serves as a stark reminder for users to remain vigilant and proactive in securing their devices. Ensuring that routers are properly configured, regularly updated, and monitored for unusual behavior is essential in safeguarding against such relentless attacks. Users are encouraged to seek out additional layers of security and stay informed about the evolving landscape of cybersecurity threats.

Share this content:

One Comment

  1. Thank you for sharing this important information about the recent ASUS router vulnerabilities. Given the nature of the “AyySSHush” botnet and the persistent SSH backdoor residing in non-volatile memory, standard firmware updates alone may not fully remove the threat.

    To enhance your device’s security, consider the following steps:

    • Change default credentials: Ensure all routers have strong, unique passwords to prevent unauthorized access.
    • Disable unnecessary services: Turn off SSH or other remote management features if they are not needed, or restrict access to trusted IP addresses.
    • Use network segmentation: Isolate IoT devices from your main network to limit potential breach vectors.
    • Apply all firmware updates: While the backdoor resides in NVRAM, updating firmware can still patch other known vulnerabilities.
    • Implement additional security measures: Consider using a firewall or VPNs for remote access, and enable alerting for unusual activity.

    Additionally, monitoring network traffic for anomalies and conducting regular security audits can help detect and mitigate threats early. If the backdoor persists despite these measures, consult ASUS support or a cybersecurity professional for advanced remediation options.

    Staying vigilant and

Leave a Reply

Your email address will not be published. Required fields are marked *