May 29, 2025, 9:08 PM

Over 9,000 Asus routers compromised by hackers

Highlights
  • Over 9,000 Asus routers have been compromised as part of an ongoing campaign.
  • Attackers have exploited a security flaw allowing backdoor access that persists through resets.
  • Users should take immediate action to secure their routers and disable SSH access.
Story

Over 9,000 Asus routers have been reported compromised as part of an ongoing exploitation campaign that has been monitored since March 17. The cybersecurity firm GreyNoise issued warnings about the compromised routers, which are suspected of being prepared for future malicious operations similar to the Mirai botnet attack of 2016, which caused widespread service disruptions affecting major websites like Twitter and Netflix. Cybersecurity experts note that IoT devices like these can be assembled into networks strong enough to carry out denial-of-service attacks.

The severity of this breach is underscored by the fact that the attackers have used a method that lets them maintain backdoor access to the routers even after users attempt to reboot or update their firmware. Consequently, traditional firmware upgrades will not eradicate the backdoor established during the initial compromise. Yuvraj Agarwal, a computer science professor at Carnegie Mellon University, has drawn parallels between this campaign and past attacks, suggesting that users' negligence in maintaining secure practices could lead to vulnerabilities.

GreyNoise has identified the exploit as originating from a skilled and well-resourced adversary, although the specific location of the attack remains unclear. Historical data from the Cybersecurity and Infrastructure Security Agency points to nations such as China, Russia, North Korea, and Iran as likely actors behind such cybercrimes in the past. Asus, the manufacturer of the affected routers, has been approached for comment but has yet to provide details, directing users to its product security advisory page for updates. For those who own Asus routers, the firm has not yet released an official security firmware update to resolve the vulnerability.

Users are urged to perform technical inspections of their routers, actively disable SSH access in their settings, and proceed with firmware updates, noting that routers that were previously compromised will still face persistent threats unless further action is taken.
