Newsletter IconFacebook IconX IconThreads IconInstagram IconYouTube IconPinterest Icon
Giveaway: Win an ASRock B850 Riptide WiFi and Phantom Gaming PG-850G PSU

ASUS router users warned: global hacking exploit detected requires factory reset

A botnet has been discovered that's targeting ASUS routers and a firmware update won't fix the problem, compromised devices will need to be factory reset.

ASUS router users warned: global hacking exploit detected requires factory reset
Comments
Tech and Science Editor
Published
1-minute read time
TL;DR: GreyNoise uncovered the AyySSHush botnet infecting over 8,000 hosts, mainly ASUS routers, exploiting known bypass bugs to gain persistent SSH backdoor access that survives firmware updates. Affected models include RT-AC3100, RT-AC3200, and RT-AX55. Users should factory reset and set strong passwords despite recent ASUS patches.
Voice: Jak Connor
0:00 / --:--
Use left and right arrow keys to seek audio.

GreyNoise, a threat monitoring company, has discovered a botnet named AyySSHush. According to Censys search, there are more than 8,000 infected hosts, and thousands of these are ASUS routers.

ASUS router users warned: global hacking exploit detected requires factory reset 656156

The group behind the botnet is currently unknown, but according to GreyNoise's VP of data science, Bob Rudis, the movements and sophistication of the group suggest they are an "advanced, well-resourced adversary." They started with generic brute-force attacks, but have also incorporated an interesting security bypass to gain access to ASUS routers. The botnet locates ASUS routers and exploits various known bypass bugs to gain initial access to the router, then executes additional authentication bypass techniques to break into routers more effectively.

Popular Now: Ryzen 7 7700X3D outperforms Ryzen 7 5800X3D with just one stick of DDR5, making AM4 a terrible option for your next build

Once the hackers have cracked the router, they enable SSH, a remote command tool, and their own public key to the router, giving them secret, ongoing access, and begin disabling security tools. What's concerning is that they are able to do all of this using ASUS's own router settings, meaning the changes they have made will survive firmware updates and leave no malware trace, making this form of exploitation extremely difficult to detect.

"Because this key is added using the official ASUS features, this config change is persisted across firmware upgrades," GreyNoise's report said. "If you've been exploited previously, upgrading your firmware will not remove the SSH backdoor."

"Because it's configured through official ASUS settings, the backdoor persists in NVRAM (persistent memory) even after patching. No malware dropped, logging disabled = nearly invisible," Rudis added

Models Affected

  • RT-AC3100
  • RT-AC3200
  • RT-AX55 (still widely used)

Notably, ASUS has provided a fix in a recent firmware update, but if you suspect your device has been compromised, it's worth simply factory resetting your device and setting a strong password, as the firmware update won't disable remote access.

Photo of the ASUS RT-AX55 Router

Best Deals: ASUS RT-AX55 Router

Prices last scanned 7 hours and 10 minutes ago

* Prices may be inaccurate. As an Amazon Associate, we earn from qualifying purchases. We earn affiliate commission from any Newegg or PCCG sales.

Comments

Tech and Science Editor

Email IconX IconLinkedIn Icon

Jak joined TweakTown in 2017 and has since reviewed 100s of new tech products and kept us informed daily on the latest science, space, and artificial intelligence news. Jak's love for science, space, and technology, and, more specifically, PC gaming, began at 10 years old. It was the day his dad showed him how to play Age of Empires on an old Compaq PC. Ever since that day, Jak fell in love with games and the progression of the technology industry in all its forms.

Stay Updated

Follow TweakTown for breaking tech news, reviews, and daily updates.

Add TweakTown as a preferred source on GoogleFind TweakTown on Apple News
Newsletter Subscription