Over 9,000 ASUS routers are compromised by a novel botnet dubbed “AyySSHush” that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys.
The campaign was discovered by GreyNoise security researchers in mid-March 2025, who reports that it carries the hallmarks of a nation-state threat actor, though no concrete attributions were made.
The threat monitoring firm reports that the attacks combine brute-forcing login credentials, bypassing authentication, and exploiting older vulnerabilities to compromise ASUS routers, including the RT-AC3100, RT-AC3200, and RT-AX55 models…
The attackers exploit an old command injection flaw tracked as CVE-2023-39780 to add their own SSH public key and enable the SSH daemon to listen on the non-standard TCP port 53282…
The campaign seen by Sekoia, the threat actors were observed targeting SOHO routers, SSL VPNs, DVRs, and BMC controllers from D-Link, Linksys, QNAP, and Araknis Networks. ..
ASUS has released security updates that address CVE-2023-39780 for the impacted routers..
|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor
- This topic has 0 replies, 1 voice, and was last updated 2 weeks, 2 days ago.
Author
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Windows Spotlight broken on Enterprise and Pro for Workstations?
by 2 hours, 18 minutes ago
-
Denmark wants to dump Microsoft for Linux + LibreOffice
by 3 hours, 44 minutes ago
-
How to get Microsoft Defender to honor Group Policy Setting
by 2 hours, 54 minutes ago
-
Apple : Paragon’s iOS Mercenary Spyware Finds Journalists Target
by 13 hours, 3 minutes ago
-
Music : The Rose Room – It’s Been A Long, Long Time album
by 14 hours, 9 minutes ago
-
Disengage Bitlocker
by 4 hours, 6 minutes ago
-
Mac Mini M2 Service Program for No Power Issue
by 16 hours, 8 minutes ago
-
New Win 11 Pro Geekom Setup questions
by 49 minutes ago
-
Windows 11 Insider Preview build 26200.5651 released to DEV
by 23 hours, 24 minutes ago
-
Windows 11 Insider Preview build 26120.4441 (24H2) released to BETA
by 23 hours, 25 minutes ago
-
iOS 26,, MacOS 26 : Create your own AI chatbot
by 1 day, 3 hours ago
-
New PC transfer program recommendations?
by 4 hours, 20 minutes ago
-
Windows 11 Insider Preview Build 22631.5545 (23H2) released to Release Preview
by 1 day, 7 hours ago
-
Windows 10 Build 19045.6029 (22H2) to Release Preview Channel
by 1 day, 7 hours ago
-
Best tools for upgrading a Windows 10 to an 11
by 19 hours, 45 minutes ago
-
The end of Windows 10 is approaching, consider Linux and LibreOffice
by 17 hours, 7 minutes ago
-
Extended Windows Built-in Disk Cleanup Utility
by 8 hours, 42 minutes ago
-
Win 11 24H2 June 2025 Update breaks WIFI
by 2 days, 2 hours ago
-
Update from WinPro 10 v. 1511 on T460p?
by 1 day ago
-
System Restore and Updates Paused
by 2 days, 4 hours ago
-
Windows 10/11 clock app
by 1 day, 16 hours ago
-
Turn off right-click draw
by 2 days, 8 hours ago
-
Introducing ChromeOS M137 to The Stable Channel
by 2 days, 11 hours ago
-
Brian Wilson (The Beach Boys) R.I.P
by 1 day, 5 hours ago
-
Master patch listing for June 10, 2025
by 2 days, 13 hours ago
-
Suggestions for New All in One Printer and a Photo Printer Windows 10
by 1 day, 16 hours ago
-
Purchasing New Printer. Uninstall old Printer Software First?
by 2 days, 19 hours ago
-
KB5060842 Issue (Minor)
by 1 day, 7 hours ago
-
EchoLeak : Zero Click M365 Copilot leak sensitive information
by 3 days, 2 hours ago
-
24H2 may not be offered June updates
by 1 day, 19 hours ago
Remembering Woody
