Major Cybersecurity Breach: Over 9,000 ASUS Routers Compromised by “AyySSHush” Botnet
In a troubling development, more than 9,000 ASUS routers have fallen victim to a sophisticated cyberattack involving a resilient botnet known as “AyySSHush.” This alarming incident, first identified by the cybersecurity firm GreyNoise in March 2025, highlights the vulnerabilities present in certain authentication protocols that power these devices.
The attack takes advantage of legitimate features within the router’s capabilities, enabling the establishment of a persistent SSH backdoor. This backdoor is particularly concerning as it resides in the router’s non-volatile memory (NVRAM). As a result, it remains intact even through firmware updates or device reboots, which means that traditional methods of rectifying security flaws may not be sufficient to eliminate this threat.
As cybercriminals become increasingly sophisticated, this incident serves as a stark reminder for users to remain vigilant and proactive in securing their devices. Ensuring that routers are properly configured, regularly updated, and monitored for unusual behavior is essential in safeguarding against such relentless attacks. Users are encouraged to seek out additional layers of security and stay informed about the evolving landscape of cybersecurity threats.
Share this content:
Thank you for sharing this important information about the recent ASUS router vulnerabilities. Given the nature of the “AyySSHush” botnet and the persistent SSH backdoor residing in non-volatile memory, standard firmware updates alone may not fully remove the threat.
To enhance your device’s security, consider the following steps:
Additionally, monitoring network traffic for anomalies and conducting regular security audits can help detect and mitigate threats early. If the backdoor persists despite these measures, consult ASUS support or a cybersecurity professional for advanced remediation options.
Staying vigilant and