GreyNoise has uncovered a stealth malware campaign targeting ASUS routers, turning them into persistent backdoors that are difficult to detect or remove. The campaign uses multiple exploits, including a patched command-injection flaw, and is linked to highly capable threat actors, possibly aiming to build botnets or relay infrastructures. #ASUSRouters #AyySSHush
Keypoints
- The campaign targets internet-facing ASUS routers using various exploits and authentication bypasses.
- The successful backdoors can survive firmware updates and reboots, making removal difficult.
- GreyNoise estimates approximately 9,000 ASUS routers have been compromised in this campaign.
- Another threat actor, ViciousTrap, has compromised over 5,500 edge devices across multiple brands.
- The campaign indicates a well-resourced adversary employing advanced persistence and stealth tactics.
Read More: https://www.securityweek.com/greynoise-flags-9000-asus-routers-backdoored-via-patched-vulnerability/