Version 90: Over 9,000 Asus routers hijacked through a botnet assault and a stubborn SSH backdoor impervious to firmware updates

BCAdmin1 Comment on Version 90: Over 9,000 Asus routers hijacked through a botnet assault and a stubborn SSH backdoor impervious to firmware updates

Major Cybersecurity Threat: Over 9,000 Asus Routers Compromised by Persistent Botnet Attack

In a concerning development for network security, it has come to light that more than 9,000 Asus routers have fallen victim to a sophisticated botnet attack. Identified by the cybersecurity company GreyNoise in March 2025, this incident centers around a malicious entity known as “AyySSHush.”

What sets this attack apart is its use of existing vulnerabilities within the router’s authentication protocols, allowing unauthorized access to legitimate router functions. Once the intruders gain entry, they establish a persistent Secure Shell (SSH) backdoor within the router’s non-volatile memory (NVRAM). This is particularly troubling, as it means that the backdoor remains intact even after executing firmware updates or rebooting the device.

As a result, traditional methods for remedying such security breaches fall short of efficacy, leaving affected users in a precarious situation. The resilience of this backdoor emphasizes the need for heightened security measures and constant vigilance from manufacturers and consumers alike.

In light of this incident, it’s crucial for router users to assess their device security and keep an eye on official updates or guidance from Asus regarding this vulnerability. Ensuring that your network is fortified against potential threats has never been more important.

Share this content:

Related Posts

One Comment

  1. Important Notice Regarding Asus Router Security

    Thank you for sharing this critical update. The reported persistent SSH backdoor in Asus routers is indeed a significant security concern, especially since it survives firmware updates and reboots. Here are some recommended steps to help mitigate this threat:

    • Check for Official Firmware Updates: Regularly visit the Asus support page to see if they have released patches specifically addressing this vulnerability. Apply any updates promptly.
    • Change Default Credentials: If possible, update your router’s admin password to a strong, unique one to prevent unauthorized access via compromised credentials.
    • Disable Unnecessary Services: Turn off SSH access if it’s not required for your setup, or restrict SSH access to specific, trusted IP addresses.
    • Monitor Network Traffic: Use network monitoring tools to watch for unusual activity that could indicate unauthorized access or botnet communications.
    • Perform a Factory Reset: If you suspect your device has been compromised, perform a factory reset and reconfigure the router, then reapply firmware updates.
    • Consult Asus Support: Reach out to Asus technical support for guidance on this vulnerability and any recommended security practices specific to your model.
    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *