Techly NewsGet the app

Get the latest tech news

ASUS Router Backdoors Affect 9,000 Devices, Persists After Firmware Updates


An anonymous reader quotes a report from SC Media: Thousands of ASUS routers have been compromised with malware-free backdoors in an ongoing campaign to potentially build a future botnet, GreyNoise reported Wednesday. The threat actors abuse security vulnerabilities and legitimate router features to...

The threat actors abuse security vulnerabilities and legitimate router features to establish persistent access without the use of malware, and these backdoors survive both reboots and firmware updates, making them difficult to remove. The attacks, which researchers suspect are conducted by highly sophisticated threat actors, were first detected by GreyNoise's AI-powered Sift tool in mid-March and disclosed Thursday after coordination with government officials and industry partners. Sekoia.io found that the ASUS routers were not used to create honeypots, and that the threat actors gained SSH access using the same port, TCP/53282, identified by GreyNoise in their report.

Get the Android app

Or read this on Slashdot

Read more on:

Photo of devices

devices

Photo of firmware updates

firmware updates

Photo of persists

persists

Related news:

News photo

New PumaBot botnet brute forces SSH credentials to breach devices

News photo

These devices could pack three times as much energy per pound as today’s best EV batteries, offering a lightweight option for powering trucks, planes, or ships.

News photo

Leak reveals what Sam Altman and Jony Ive are cooking up: 100 million AI 'companion' devices

« 9,000 Asus routers compromised by botnet attack and persistent SSH backdoor that even firmware updates can't fix
Superhuman performance of an LLM on the reasoning tasks of a physician »