A Chinese state-sponsored group has compromised over 50,000 Asus routers worldwide by exploiting known vulnerabilities, establishing a persistent espionage network. This campaign, linked to Operation WrtHug, leverages high-severity bugs in the AiCloud service and involves the installation of long-lasting TLS certificates.
Key points
- The threat actors exploited known high-severity vulnerabilities in the Asus AiCloud service.
- Over 50,000 routers, mainly discontinued models, have been infected across multiple regions.
- Compromised devices contain a self-signed TLS certificate with a 100-year expiration date as an indicator of compromise.
- The campaign appears to be linked to previous China-backed operations targeting Asus routers.
- Users are advised to apply patches or replace outdated devices to mitigate the risk.
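
A defender can test a certificate already collected from a device against the indicator in the key points (self-signed, roughly 100-year validity). The Go sketch below is an added example, not code from the article or from Asus; the function names, the 99-year threshold and the generated sample certificates are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// matchesIndicator reports whether cert is self-signed and valid for about 100 years.
func matchesIndicator(cert *x509.Certificate) bool {
	// Self-signed: issuer equals subject and the cert's own key verifies its signature.
	if !bytes.Equal(cert.RawIssuer, cert.RawSubject) ||
		cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature) != nil {
		return false
	}
	years := cert.NotAfter.Sub(cert.NotBefore).Hours() / (24 * 365.25)
	return years >= 99 // assumed threshold, just under 100 to absorb leap-day rounding
}

// constructedCert builds a throwaway self-signed certificate (constructed sample input).
func constructedCert(cn string, years int) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: now, NotAfter: now.AddDate(years, 0, 0),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	for _, years := range []int{100, 1} {
		cert, err := constructedCert("constructed-device", years)
		fmt.Println(years, err, cert != nil && matchesIndicator(cert))
	}
}
```

A match is a reason to investigate the device further, since legitimate self-signed certificates with very long lifetimes also exist.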
Read More: https://www.securityweek.com/over-50000-asus-routers-hacked-in-operation-wrthug/