Version 96: Over 9,000 Asus routers affected by a botnet assault and a stubborn SSH backdoor resistant to firmware patches

BCAdmin1 Comment on Version 96: Over 9,000 Asus routers affected by a botnet assault and a stubborn SSH backdoor resistant to firmware patches

Title: Major Security Breach: Over 9,000 ASUS Routers Targeted by Resilient Botnet Attack

In a troubling development within the realm of cybersecurity, more than 9,000 ASUS routers have fallen victim to a sophisticated botnet attack identified by the cybersecurity firm GreyNoise. Named “AyySSHush,” this insidious attack leverages authentication vulnerabilities present in the router’s software, creating a persistent SSH backdoor that is alarmingly difficult to eradicate.

This vulnerability was uncovered in March 2025, revealing that attackers have managed to exploit legitimate features of the ASUS routers to gain unauthorized access. The most concerning aspect of this situation is the method through which the backdoor was embedded; it resides in the router’s non-volatile memory (NVRAM). This allows the backdoor to survive even after firmware updates or device reboots, thwarting traditional security measures that would typically be employed to resolve such issues.

As the landscape of cybersecurity challenges evolves, this incident underscores the need for manufacturers to prioritize robust security protocols and for users to remain vigilant in safeguarding their devices. Ensuring regular monitoring and employing additional security layers can help mitigate the effects of such persistent threats. It’s vital for ASUS router users to stay informed and take necessary precautions in light of this alarming breach.

Share this content:

Related Posts

One Comment

  1. Thank you for sharing this detailed report. Given the severity of the ASUS router vulnerability described, here are some recommendations to help mitigate the risk until official firmware updates are available:

    • Isolate Affected Devices: If possible, disconnect affected ASUS routers from the internet or place them on a separate network segment to prevent further exploitation.
    • Check for Firmware Updates: Regularly monitor ASUS’s official support channels and firmware update notifications. Once a patch addressing the “AyySSHush” vulnerability is released, ensure you apply it promptly.
    • Disable Unnecessary Services: Disable SSH and other remote management features if they are not essential, reducing the attack surface.
    • Implement Strong Passwords: Use complex passwords for router admin interfaces and SSH access, and consider changing them regularly.
    • Monitor Traffic and Logs: Keep an eye on network traffic and router logs for unusual activity, which could indicate ongoing exploitation or compromise.
    • Prevent Persistent Backdoors: Since the backdoor resides in NVRAM, consider performing a factory reset, but note that this may not completely remove the malicious entries if they are embedded at a firmware or hardware level. If such reset does not help, contacting ASUS support for specialized remediation steps is advisable.

    Stay informed

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *