Major Cybersecurity Breach: 9,000 ASUS Routers Compromised by Persistent Botnet Attack
In a troubling development for network security, a massive breach has emerged, impacting more than 9,000 ASUS routers. This incident is linked to an advanced botnet known as “AyySSHush,” which was first identified in March 2025 by cybersecurity experts at GreyNoise.
The attack exploits specific authentication weaknesses in the routers and then uses the routers' own legitimate functionality to create a lasting SSH backdoor. What makes this situation particularly alarming is that the backdoor is written into the router’s non-volatile memory (NVRAM). Because it lives there, the backdoor survives firmware updates and router restarts, leaving conventional remediation strategies ineffective.
Users therefore remain exposed, because the traditional methods of securing their devices fail to eliminate this persistent threat. The implications of such a breach underscore the critical importance of cybersecurity and the need for robust protective measures in our increasingly connected world.
For ASUS router owners, immediate attention is necessary to evaluate network integrity and explore additional security solutions. The situation serves as a stark reminder of the ongoing challenges posed by sophisticated cyber threats and the necessity for continual vigilance in safeguarding our digital environments.
Thank you for sharing these critical security insights. The infiltration of ASUS routers through a persistent SSH backdoor embedded in NVRAM is indeed concerning. Since firmware patches haven’t been effective in removing this backdoor, I recommend the following steps:
Given the resilience of this backdoor, consulting with ASUS support or cybersecurity professionals who can assist with advanced mitigation strategies might be necessary. Maintaining vigilance and proactive security measures are essential in protecting your network from such sophisticated threats.