Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor

    https://www.bleepingcomputer.com/news/security/botnet-hacks-9-000-plus-asus-routers-to-add-persistent-ssh-backdoor/

    Over 9,000 ASUS routers are compromised by a novel botnet dubbed “AyySSHush” that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys.

    The campaign was discovered by GreyNoise security researchers in mid-March 2025, who report that it carries the hallmarks of a nation-state threat actor, though no concrete attributions were made.

    The threat monitoring firm reports that the attacks combine brute-forcing login credentials, bypassing authentication, and exploiting older vulnerabilities to compromise ASUS routers, including the RT-AC3100, RT-AC3200, and RT-AX55 models…

    The attackers exploit an old command injection flaw tracked as CVE-2023-39780 to add their own SSH public key and enable the SSH daemon to listen on the non-standard TCP port 53282…

    In the campaign seen by Sekoia, the threat actors were observed targeting SOHO routers, SSL VPNs, DVRs, and BMC controllers from D-Link, Linksys, QNAP, and Araknis Networks…

    ASUS has released security updates that address CVE-2023-39780 for the impacted routers…
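
A check for the indicator named above, as an added example that is not part of the original post or the quoted article: it connects to TCP port 53282 on a router you administer and reports whether an SSH server answers there. The function names and the default address `192.168.1.1` are assumptions made for this example.

```python
import socket

BACKDOOR_PORT = 53282  # non-standard SSH port named in the report quoted above


def probe_ssh_listener(host, port=BACKDOOR_PORT, timeout=3.0):
    """Classify a TCP port as 'closed', 'open-ssh' or 'open-other'.

    An SSH server normally sends an identification string starting with
    "SSH-" as soon as the connection is accepted (RFC 4253, section 4.2).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            try:
                banner = conn.recv(255)
            except (socket.timeout, ConnectionError):
                banner = b""  # port accepted the connection but sent nothing
    except OSError:
        # Refused, filtered or unreachable: nothing answers on this port.
        return "closed"
    return "open-ssh" if banner.startswith(b"SSH-") else "open-other"


def assess_router(host, timeout=3.0):
    """Return (finding, advice) for one router you administer."""
    state = probe_ssh_listener(host, BACKDOOR_PORT, timeout)
    if state == "open-ssh":
        return state, "SSH answers on TCP 53282: review SSH settings and authorized keys"
    if state == "open-other":
        return state, "TCP 53282 is open but not SSH: identify the service"
    return state, "no listener on TCP 53282"


if __name__ == "__main__":
    import sys
    # Assumed LAN address of the router; pass the real one as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    print(target, *assess_router(target))
```

Run it from the LAN side and, if remote administration is exposed, against the WAN address as well, since a listener may be reachable on only one interface.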
