Global Botnets Exploit Router Vulnerabilities to Maintain Persistent Backdoors
Originally Published 7 months ago — by BleepingComputer
A new botnet named 'AyySSHush' has compromised over 9,000 ASUS routers by exploiting an old vulnerability to install a persistent SSH backdoor, allowing attackers to maintain access even after reboots or firmware updates. The campaign, possibly linked to a nation-state actor, also targeted other SOHO routers from Cisco, D-Link, and Linksys, and involves stealthy techniques to evade detection. ASUS has released security patches, and users are advised to update firmware, check for suspicious files, and reset their devices if compromised.