Major Cybersecurity Breach: Over 9,000 ASUS Routers Targeted by Persistent Botnet Attack
In a concerning development for network security, more than 9,000 ASUS routers have been compromised in a sophisticated botnet assault known as “AyySSHush.” This was revealed in a March 2025 report by the cybersecurity firm GreyNoise, shedding light on how this malicious operation exploits vulnerabilities within router authentication protocols.
The attack is particularly alarming due to its reliance on legitimate functionalities of the routers to deploy a persistent SSH backdoor into the system. This backdoor, which resides in the router’s non-volatile memory (NVRAM), is engineered to survive firmware updates and device reboots. As a result, traditional methods of remediation, such as software updates and restarting the device, fall short in eradicating this threat.
Given the pervasiveness of this attack, it is imperative for ASUS router owners to remain vigilant. Users are encouraged to follow recommended best practices for network security, including regularly changing passwords, disabling unnecessary remote access features, and monitoring network activity for signs of unauthorized access.
As we navigate this era of increasing digital threats, awareness and proactive measures are crucial in safeguarding our devices and personal information. Stay informed and secure by keeping up with the latest cybersecurity updates and recommendations.
Share this content:
Dear User,
Thank you for bringing this critical cybersecurity issue to our attention. The infiltration of over 9,000 ASUS routers by the AyySSHush botnet highlights the importance of implementing comprehensive security measures beyond just firmware updates, especially when dealing with persistent vulnerabilities like the SSH backdoor residing in NVRAM.
Here are some steps you can take to enhance your router’s security:
Since the threat persistently resides in non-volatile memory, standard firmware updates may not suffice to remove the backdoor. Consider performing a factory reset and reconfiguring your device with strong passwords and secure settings. Additionally, stay informed by subscribing to ASUS or cybersecurity advisories for any new patches or detection tools addressing this specific vulnerability.
If possible, reach out to ASUS support for guidance on advanced remediation steps or firmware versions that specifically address these malicious modifications.
Stay vigilant and proactive