Asus Wi-Fi Routers Targeted in Stealthy Cyberattack Campaign
A stealthy cyberattack has compromised over 9,000 Asus Wi-Fi routers, granting attackers persistent backdoor access that survives reboots and firmware updates. While personal data isn’t the target, infected routers can be weaponized for large-scale denial-of-service attacks. Users must check for unauthorized SSH access and apply specific security steps to block intrusions.
A recent cybersecurity alert from GreyNoise reveals that over 9,000 Asus Wi-Fi routers have been compromised in an ongoing, stealthy exploitation campaign. Since March 17, attackers have maintained persistent backdoor access to these devices, even surviving reboots and firmware updates. This durability makes the threat particularly concerning for network security.
Interestingly, the attackers are not targeting personal data directly. Instead, they leverage the computational power of infected routers to build botnets capable of launching large-scale denial-of-service (DDoS) attacks. This tactic echoes the infamous 2016 Mirai botnet attack, which disrupted major websites like Twitter and Netflix.
GreyNoise has observed that the attack is conducted with a high level of sophistication, suggesting a well-resourced adversary. While the exact origin remains unclear, government agencies have previously linked similar attacks to nation-state actors such as China, Russia, North Korea, and Iran.
The vulnerability exploited allows attackers to add a persistent SSH backdoor that remains even after firmware updates. This backdoor uses SSH over port 53282 with a specific truncated public key, enabling unauthorized remote access that typical security measures cannot easily remove.
For Asus router owners, detecting compromise involves logging into the router’s firmware interface and checking the SSH settings. If unauthorized SSH access is enabled with the known malicious key, the router is infected. Simply updating the firmware won’t remove the backdoor.
To secure an infected router, users must:
- Disable SSH access in the router’s Service or Administration settings.
- Block the following IP addresses known to be used by attackers: 101.99.91.151, 101.99.94.173, 79.141.163.179, and 111.90.146.237.
- Restore the router to factory settings to remove any unauthorized configurations.
- Update to the latest firmware version released by Asus to patch the vulnerability.
This attack highlights the evolving complexity of IoT and network device security. It’s a reminder that even trusted manufacturers can face persistent threats requiring proactive, technical responses. Staying informed and vigilant is essential to protect your network from becoming a silent participant in cyberattacks.
Keep Reading
View AllVictoria's Secret Website Offline After Security Incident
Victoria's Secret temporarily shuts down US website and online services following a security incident amid rising retail cyberattacks.
US Sanctions FUNNULL for Enabling $200M Crypto Scam Network
US Treasury sanctions FUNNULL for aiding pig butchering crypto scams causing $200M losses to American victims.
International Students Challenge Trump Social Media Visa Policy
Fifteen Iranian students sue over halted visa interviews amid social media vetting under Trump administration policies.
AI Tools Built for Agencies That Move Fast.
QuarkyByte offers in-depth cybersecurity insights and practical guidance to help you detect and mitigate router vulnerabilities like those affecting Asus devices. Explore our expert analyses and tailored solutions to safeguard your network infrastructure from persistent threats and advanced exploitation campaigns.