Don't Just Read the News, Understand It.
Get Started
SubscribeLogin
Israel-Hamas Conflict
Natural Disasters
Democratic Party
Artificial Intelligence
Donald Trump
Social Media
Memorial Day
Republican Party
US Politics
United Nations
Education
Tariffs
Military
Published loading...Updated

Thousands of Asus Routers Are Being Hit with Stealthy, Persistent Backdoors

  • GreyNoise discovered in mid-March 2025 that thousands of Asus routers worldwide are compromised by a botnet called AyySSHush that operates covertly.
  • The compromise occurred through brute-force login attempts and exploitation of an older command injection flaw, CVE-2023-39780, allowing persistent backdoor access.
  • Attackers used system commands to add SSH keys, enable SSH on port 53282, and disable Trend Micro’s AiProtection and logging to evade detection on models like RT-AC3100 and RT-AX55.
  • GreyNoise reported over 9,000 infected hosts, noting persistence across firmware updates and describing the adversary as advanced and well-resourced, while Asus has issued patches addressing the vulnerabilities.
  • The botnet’s exact purpose remains unclear, but users are advised to upgrade firmware, check for unauthorized SSH keys, and perform factory resets if compromised to remove persistent backdoors.
Insights by Ground AI
Does this summary seem wrong?

20 Articles

All
Left
Center
5
Right
Tech SpotTech Spot
Center

Thousands of Asus routers compromised by "ViciousTrap" backdoor

Analysts at GreyNoise have uncovered a mysterious backdoor-based campaign affecting more than 9,000 Asus routers. The unknown cybercriminals are exploiting security vulnerabilities – some of which have already been patched – while others have never been assigned proper tracking entries in the CVE database. The story is full of "unknowns,"...Read Entire Article

Read Full Article
The RegisterThe Register
Center

8,000+ Asus routers popped in 'advanced' mystery botnet plot

: No formal attribution made but two separate probes hint at the same suspect

Read Full Article
Tech RadarTech Radar
Center

Thousands of Asus routers hacked to create a major botnet planting damaging malware

Hackers are brute-forcing older Asus routers and establishing persistent access.

·United Kingdom
Read Full Article
Ars TechnicaArs Technica
+2 Reposted by 2other sources
Center

Thousands of Asus routers are being hit with stealthy, persistent backdoors

Backdoor giving full administrative control can survive reboots and firmware updates.

·United States
Read Full Article
BleepingComputerBleepingComputer
Center

Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor

Over 9,000 ASUS routers are compromised by a novel botnet dubbed

Read Full Article
ddaily.co.krddaily.co.kr

"I'm Using ASUS Routers at Home and in the office"... 9,000 Units of Backdoors Disabled 'Even if I Reset Them, They Still Remain'

[Digital Daily Reporter Kim Moon-ki] Security firm GreyNoise has confirmed that approximately 9,000 ASUS routers commonly used in homes and offices have been infected with backdoors. The impact of this attack is significant in that these devices are in a state of ‘persistent control’ as they cannot be blocked by attackers even through reboots or firmware updates. According to multiple US IT media outlets on the 29th (local time), GreyNoise ident…

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center
Factuality

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

BleepingComputer broke the news in on Wednesday, May 28, 2025.
Sources are mostly out of (0)

Similar News Topics

Cisco

Cisco

Technology

Technology

Internet

Internet

News
For You
SearchBlindspotLocal