Over 9,000 ASUS routers are compromised by a novel botnet dubbed “AyySSHush” that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys.
The campaign was discovered by GreyNoise security researchers in mid-March 2025, who reports that it carries the hallmarks of a nation-state threat actor, though no concrete attributions were made.
The threat monitoring firm reports that the attacks combine brute-forcing login credentials, bypassing authentication, and exploiting older vulnerabilities to compromise ASUS routers, including the RT-AC3100, RT-AC3200, and RT-AX55 models…
The attackers exploit an old command injection flaw tracked as CVE-2023-39780 to add their own SSH public key and enable the SSH daemon to listen on the non-standard TCP port 53282…
The campaign seen by Sekoia, the threat actors were observed targeting SOHO routers, SSL VPNs, DVRs, and BMC controllers from D-Link, Linksys, QNAP, and Araknis Networks. ..
ASUS has released security updates that address CVE-2023-39780 for the impacted routers..
|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor
- This topic has 0 replies, 1 voice, and was last updated 3 weeks, 4 days ago.
Author
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Is your device eligible?
by 33 minutes ago
-
Windows 11 Insider Preview build 26200.5661 released to DEV
by 6 hours, 44 minutes ago
-
Windows 11 Insider Preview build 26120.4452 (24H2) released to BETA
by 6 hours, 45 minutes ago
-
Hello Windows…My Problem is Windows Hello…
by 8 hours, 1 minute ago
-
New Canon Printer Wants Data Sent
by 8 hours, 19 minutes ago
-
I set up passkeys for my Microsoft account
by 48 minutes ago
-
AI is for everyone
by 7 hours, 52 minutes ago
-
Terabyte update 2025
by 1 hour, 55 minutes ago
-
Migrating from Windows 10 to Windows 11
by 2 hours, 56 minutes ago
-
Lost sound after the upgrade to 24H2?
by 1 day, 7 hours ago
-
How to move 10GB of data in C:\ProgramData\Package Cache ?
by 4 hours, 34 minutes ago
-
Plugged in 24-7
by 17 hours, 3 minutes ago
-
Netflix, Apple, BofA websites hijacked with fake help-desk numbers
by 1 day, 20 hours ago
-
Have Copilot there but not taking over the screen in Word
by 1 day, 17 hours ago
-
Windows 11 blocks Chrome 137.0.7151.68, 137.0.7151.69
by 3 days, 11 hours ago
-
Are Macs immune?
by 2 hours, 54 minutes ago
-
HP Envy and the Function keys
by 2 days, 19 hours ago
-
Microsoft : Removal of unwanted drivers from Windows Update
by 12 hours, 23 minutes ago
-
MacOS 26 beta 1 dropped support for Firewire 400/800
by 3 days, 22 hours ago
-
Unable to update to version 22h2
by 1 day, 7 hours ago
-
Windows 11 Insider Preview Build 26100.4482 (24H2) released to Release Preview
by 4 days, 6 hours ago
-
Windows 11 Insider Preview build 27881 released to Canary
by 4 days, 6 hours ago
-
Very Quarrelsome Taskbar!
by 3 days, 16 hours ago
-
Move OneNote Notebook OFF OneDrive and make it local
by 4 days, 19 hours ago
-
Microsoft 365 to block file access via legacy auth protocols by default
by 4 days, 8 hours ago
-
Is your battery draining?
by 14 hours, 2 minutes ago
-
The 16-billion-record data breach that no one’s ever heard of
by 1 day, 7 hours ago
-
Weasel Words Rule Too Many Data Breach Notifications
by 4 days, 23 hours ago
-
Windows Command Prompt and Powershell will not open as Administrator
by 1 day, 1 hour ago
-
Intel Management Engine (Intel ME) Security Issue
by 4 days, 7 hours ago
Remembering Woody
