Version 98: Over 9,000 Asus routers targeted by a persistent botnet infiltration and SSH vulnerability immune to firmware patches

BCAdmin1 Comment on Version 98: Over 9,000 Asus routers targeted by a persistent botnet infiltration and SSH vulnerability immune to firmware patches

Major Cybersecurity Breach: Over 9,000 ASUS Routers Targeted by Persistent Botnet Attack

In a concerning development for network security, more than 9,000 ASUS routers have been compromised in a sophisticated botnet assault known as “AyySSHush.” This was revealed in a March 2025 report by the cybersecurity firm GreyNoise, shedding light on how this malicious operation exploits vulnerabilities within router authentication protocols.

The attack is particularly alarming due to its reliance on legitimate functionalities of the routers to deploy a persistent SSH backdoor into the system. This backdoor, which resides in the router’s non-volatile memory (NVRAM), is engineered to survive firmware updates and device reboots. As a result, traditional methods of remediation, such as software updates and restarting the device, fall short in eradicating this threat.

Given the pervasiveness of this attack, it is imperative for ASUS router owners to remain vigilant. Users are encouraged to follow recommended best practices for network security, including regularly changing passwords, disabling unnecessary remote access features, and monitoring network activity for signs of unauthorized access.

As we navigate this era of increasing digital threats, awareness and proactive measures are crucial in safeguarding our devices and personal information. Stay informed and secure by keeping up with the latest cybersecurity updates and recommendations.

Share this content:

Related Posts

One Comment

  1. Dear User,

    Thank you for bringing this critical cybersecurity issue to our attention. The infiltration of over 9,000 ASUS routers by the AyySSHush botnet highlights the importance of implementing comprehensive security measures beyond just firmware updates, especially when dealing with persistent vulnerabilities like the SSH backdoor residing in NVRAM.

    Here are some steps you can take to enhance your router’s security:

    • Change default passwords to strong, unique credentials regularly.
    • Disable remote management features unless absolutely necessary.
    • Review and disable any unnecessary services or features that could be exploited.
    • Implement network segmentation to isolate critical devices.
    • Monitor your network traffic for unusual activity, which can indicate compromise.

    Since the threat persistently resides in non-volatile memory, standard firmware updates may not suffice to remove the backdoor. Consider performing a factory reset and reconfiguring your device with strong passwords and secure settings. Additionally, stay informed by subscribing to ASUS or cybersecurity advisories for any new patches or detection tools addressing this specific vulnerability.

    If possible, reach out to ASUS support for guidance on advanced remediation steps or firmware versions that specifically address these malicious modifications.

    Stay vigilant and proactive

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *