
9,000 Asus routers compromised by botnet attack and persistent SSH backdoor that even firmware updates can't fix


The backdoor evades detection and survives firmware updates

The attack begins with threat actors targeting the routers through brute-force login attempts and exploiting authentication bypass techniques, some of which remain undocumented without assigned CVEs.

According to GreyNoise’s report, the techniques used by the attackers suggest thorough planning for long-term access and demonstrate a deep knowledge of the system’s architecture.

To ensure routers are fully secured, users are advised to take additional manual steps, including checking for active SSH access on TCP port 53282, reviewing the authorized_keys file for unfamiliar entries, and blocking the known malicious IP addresses that may be associated with the campaign.
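The first two manual checks above can be scripted. The following is an added example, not code from the article or from GreyNoise: it fingerprints each entry of an authorized_keys file against an operator-approved set and tests whether TCP port 53282 accepts connections. The sample keys are constructed placeholders, the router address `192.168.1.1` is an assumption, and the parser assumes key options contain no spaces.

```python
import base64
import hashlib
import socket

BACKDOOR_PORT = 53282  # TCP port the article says to check for SSH access
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")

def fingerprint(b64_blob):
    """SHA256 fingerprint of a public-key blob, in the form ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def unfamiliar_keys(text, approved):
    """Return (line_no, fingerprint_or_reason, comment) for every entry not in approved."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Skip any leading options field; assumes options contain no spaces.
        i = next((k for k, f in enumerate(fields) if f.startswith(KEY_PREFIXES)), None)
        if i is None or i + 1 >= len(fields):
            findings.append((n, "unparseable entry", line.strip()))
            continue
        try:
            fp = fingerprint(fields[i + 1])
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append((n, "invalid base64 key blob", line.strip()))
            continue
        if fp not in approved:
            findings.append((n, fp, " ".join(fields[i + 2:])))
    return findings

def port_open(host, port=BACKDOOR_PORT, timeout=3.0):
    """True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

# Constructed sample data: placeholder blobs, not real keys.
ADMIN_BLOB = base64.b64encode(b"constructed-admin-key").decode()
OTHER_BLOB = base64.b64encode(b"constructed-unknown-key").decode()
SAMPLE = (f"# router authorized_keys\nssh-ed25519 {ADMIN_BLOB} admin@laptop\n"
          f"ssh-rsa {OTHER_BLOB}\nssh-rsa not*base64 x\n")
APPROVED = {fingerprint(ADMIN_BLOB)}

if __name__ == "__main__":
    for finding in unfamiliar_keys(SAMPLE, APPROVED):
        print("REVIEW:", finding)
    print("port", BACKDOOR_PORT, "open:", port_open("192.168.1.1"))  # assumed LAN address
```

Any entry it reports should be compared by hand against keys the administrator actually installed; an entry with no comment field is reported the same way as any other unapproved key.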
