GreyNoise researchers detail a novel botnet infecting 9K+ routers from Asus and others with a persistent SSH backdoor, enabling access after reboots and updates
Over 9,000 ASUS routers are compromised by a novel botnet dubbed “AyySSHush” that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys.
BleepingComputer · Bill Toulas
Related Coverage
- GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers The GreyNoise Blog
- Thousands of Asus routers are being hit with stealthy, persistent backdoors Ars Technica · Dan Goodin
- 9,000 Asus routers compromised by botnet attack and persistent SSH backdoor that even firmware updates can't fix Tom's Hardware · Kunal Khullar
- Thousands of ASUS routers compromised in sophisticated hacking campaign Cybersecurity Dive · David Jones
- Your Asus router might've been hacked and turned into a botnet, report says PCWorld · Michael Crider
- Check your ASUS router for a hidden hack that survives reboots & updates AppleInsider · Andrew Orr
- PSA: Thousands of ASUS wireless routers compromised by botnet 9to5Mac · Ben Lovejoy
- Attacks with new Pumabot botnet hit Linux IoT devices SC Media
- AyySSHush: Tradecraft of an emergent ASUS botnet GreyNoise Labs · Remy
- ASUS Router Backdoor Attack: Over 9,000 Devices Compromised in Stealth Nation-State Campaign Tech Times · Jose Enrico
- Thousands of ASUS Routers Hijacked in Stealthy Backdoor Campaign Infosecurity · Kevin Poireault
- Multiple ASUS Routers Impacted by New Security Vulnerability ISPreview UK · Mark Jackson
- New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor. Security Affairs · Pierluigi Paganini
- New Botnet Hijacks 9,000 ASUS Routers & Enables SSH Access by Injecting Public Key Cyber Security News · Kaaviya
- ASUS router backdoors affect 9K devices, persist after firmware updates SC Media · Laura French
- 9,000 ASUS Routers Compromised in Stealthy Backdoor Campaign CyberInsider · Bill Mann
Discussion
- Catalin Cimpanu (@campuscodi.risky.biz) on bluesky: More than 9,000 ASUS routers have been infected by a new botnet named AyySSHush. — The botnet's attacks disable a TrendMicro security feature embedded in ASUS routers and then exploit older vulnerabilities. — www.labs.greynoise.io/grimoire/ 202...
- @hrbrmstr@mastodon.social on mastodon: Without full PCAP + emulated router profiles, this would've stayed hidden. Check your ASUS routers for SSH on TCP/53282 NOW. — Technical deep-dive: https://www.labs.greynoise.io/ ... 📊 Executive summary: https://www.greynoise.io/... 4/4
- r/gadgets on reddit: Thousands of Asus routers are being hit with stealthy, persistent backdoors | Backdoor giving full administrative control can survive reboots and firmware updates.
- r/HomeNetworking on reddit: Thousands of Asus routers are being hit with stealthy, persistent backdoors | Attacker Dubbed “ViciousTrap” Adds SSH Backdoor
- r/technews on reddit: Thousands of Asus routers are being hit with stealthy, persistent backdoors | Backdoor giving full administrative control can survive reboots and firmware updates.
- r/technology on reddit: Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor