Thousands of outdated ASUS WRT routers worldwide have been hijacked in a campaign called Operation WrtHug, which exploits multiple vulnerabilities in the devices. The attack leverages a malicious TLS certificate to identify compromised devices, which are likely used as stealth relay nodes in cyber espionage activities.
Key points
- Operation WrtHug targets mostly end-of-life ASUS WRT routers using known security flaws.
- Over 50,000 unique IP addresses globally have been identified as compromised.
- The campaign exploits vulnerabilities including CVE-2023-41345, CVE-2023-41346, CVE-2023-41347, CVE-2023-41348 and CVE-2025-2492.
- A self-signed TLS certificate with a 100-year lifespan is a key indicator of infected devices.
- ASUS recommends updating firmware or replacing unsupported routers to mitigate risks.
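
As an added example (not from the original report), the Python below checks a DER certificate for the two properties named in the key points: issuer equal to subject, and a validity period of roughly a century. The function names, the 99-year threshold and the sample certificate are assumptions constructed for illustration; the page gives no fingerprint to compare against, so a match is a triage signal rather than confirmation.

```python
import ssl
from datetime import datetime, timezone

def tlv(buf, pos):                       # one DER TLV -> (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long-form length: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf):                       # DER content -> [(tag, raw_tlv, value), ...]
    out, pos = [], 0
    while pos < len(buf):
        tag, vs, ve = tlv(buf, pos)
        out.append((tag, buf[pos:ve], buf[vs:ve]))
        pos = ve
    return out

def der_time(tag, val):
    s = val.decode("ascii")
    if tag == 0x17:                      # UTCTime: RFC 5280 maps YY >= 50 to 19YY, else 20YY
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def triage(der, min_years=99):           # 99 so that a "-days 36500" style lifetime still matches
    f = children(children(children(der)[0][2])[0][2])   # Certificate -> tbsCertificate fields
    f = f[1:] if f[0][0] == 0xA0 else f                 # skip optional [0] version
    issuer, validity, subject = f[2], f[3], f[4]        # after serial and signature algorithm
    nb, na = children(validity[2])
    years = (der_time(na[0], na[2]) - der_time(nb[0], nb[2])).days / 365.25
    self_issued = issuer[1] == subject[1]               # names match; signature is not verified
    return {"self_issued": self_issued, "years": round(years, 1), "suspect": self_issued and years >= min_years}

def fetch_der(host, port=443):           # certificate presented by a device you administer
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

def enc(tag, val):                       # tiny DER encoder, used only to build the sample
    return bytes([tag]) + (bytes([len(val)]) if len(val) < 0x80 else bytes([0x81, len(val)])) + val

def sample(issuer_cn, subject_cn, nb, na):
    """CONSTRUCTED, unsigned certificate skeleton; not a real or campaign certificate."""
    name = lambda cn: enc(0x30, enc(0x31, enc(0x30, enc(0x06, b"\x55\x04\x03") + enc(0x0C, cn))))
    when = lambda s: enc(0x18 if len(s) == 15 else 0x17, s)   # 15 chars = GeneralizedTime
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01") + enc(0x30, b"")
              + name(issuer_cn) + enc(0x30, when(nb) + when(na)) + name(subject_cn))
    return enc(0x30, tbs + enc(0x30, b"") + enc(0x03, b"\x00"))

if __name__ == "__main__":
    print(triage(sample(b"router", b"router", b"220101000000Z", b"21220101000000Z")))
```

To check a router you administer, pass `fetch_der(host, port)` to `triage`; the port of the affected service is not stated on this page, so 443 is only a default.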