All articles tagged with #asus routers
Thousands of Asus routers have been compromised through a sophisticated attack involving brute-force login attempts and authentication bypasses, exploiting a previously unknown vulnerability. Users should verify if their routers are affected, disable SSH access, block suspicious IPs, and perform a factory reset to ensure security, especially since the vulnerability has been patched but the backdoor may persist if not fully reset.
A security report reveals that around 9,000 Asus routers have been hacked by a sophisticated threat actor aiming to create a botnet. Users can check if their routers are compromised by inspecting SSH access and should perform a factory reset if infected. Updating firmware and blocking specific IPs are recommended to prevent future attacks.
A new botnet named 'AyySSHush' has compromised over 9,000 ASUS routers by exploiting an old vulnerability to install a persistent SSH backdoor, allowing attackers to maintain access even after reboots or firmware updates. The campaign, possibly linked to a nation-state actor, also targeted other SOHO routers from Cisco, D-Link, and Linksys, and involves stealthy techniques to evade detection. ASUS has released security patches, and users are advised to update firmware, check for suspicious files, and reset their devices if compromised.
A new variant of TheMoon malware has infected 6,000 ASUS routers in 72 hours, linking them to the Faceless proxy service used by cybercriminals for anonymizing malicious activities. The malware targets end-of-life ASUS routers, likely exploiting known vulnerabilities or weak credentials to gain access. Once infected, the routers are used as proxies to route traffic for cybercriminals. To defend against these botnets, users are advised to use strong admin passwords, upgrade firmware, and replace end-of-life devices with actively supported models.