Over 9,000 ASUS routers have been compromised by the “AyySSHush” botnet, which uses old vulnerabilities and brute-force tactics to establish stealthy backdoors. The campaign, believed to be linked to a nation-state actor, also affects other SOHO routers, with ASUS recommending immediate firmware updates and security checks.
Key points
- The “AyySSHush” botnet targets ASUS routers, exploiting command injection flaws via CVE-2023-39780.
- The attackers add persistent SSH keys to maintain backdoor access even after firmware updates.
- Stealth tactics include turning off logging and disabling security features to evade detection.
- Over 9,000 ASUS routers are infected, but only a few malicious requests have been detected.
- Users should update firmware and, if compromised, perform a factory reset to remove backdoors.
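
A defender-side check for the persistent SSH key described above, as an added example (not from the original article or from ASUS): it parses the text of an exported `authorized_keys` file, computes each key's SHA256 fingerprint, and reports every key that is not on an administrator-supplied allow-list. The function names are hypothetical and the sample keys are constructed, format-correct placeholders rather than real keys.

```python
import base64
import hashlib
import struct

def parse_key_line(line):
    """Return (key_type, blob, comment) for one authorized_keys line, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    # Options such as command="..." may precede the key type, so scan for a
    # base64 blob whose embedded type name matches the token just before it.
    for i in range(1, len(fields)):
        try:
            blob = base64.b64decode(fields[i], validate=True)
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n].decode("ascii") == fields[i - 1]:
                return fields[i - 1], blob, " ".join(fields[i + 1:])
        except (ValueError, struct.error):
            continue
    return None

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by `ssh-keygen -lf`."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(authorized_keys_text, allowed_fingerprints):
    """Return [(line_no, fingerprint, comment)] for keys not on the allow-list."""
    findings = []
    for line_no, line in enumerate(authorized_keys_text.splitlines(), 1):
        parsed = parse_key_line(line)
        if parsed and fingerprint(parsed[1]) not in allowed_fingerprints:
            findings.append((line_no, fingerprint(parsed[1]), parsed[2]))
    return findings

def make_sample_line(label):
    """Constructed placeholder: an ssh-ed25519-shaped line, not a usable key."""
    key_type, pub = b"ssh-ed25519", hashlib.sha256(label.encode()).digest()
    blob = (struct.pack(">I", len(key_type)) + key_type
            + struct.pack(">I", len(pub)) + pub)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + label

if __name__ == "__main__":
    admin = make_sample_line("admin@laptop")      # constructed: key the owner added
    unknown = make_sample_line("unlabelled-key")  # constructed: key nobody recognises
    allow = {fingerprint(parse_key_line(admin)[1])}
    for finding in audit(admin + "\n" + unknown + "\n", allow):
        print("unexpected key at line %d: %s (%s)" % finding)
```

Any finding means a key the administrator did not install is still authorized, which is the condition the factory reset in the last key point is meant to clear.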