Researchers at GreyNoise have identified an ongoing campaign targeting Asus home and small office routers, infecting approximately 9,000 devices with a persistent backdoor. The attackers exploit patched and unpatched vulnerabilities to gain administrative control, install a public SSH key, and maintain access even after reboots and firmware updates. While the purpose of the compromised devices is currently unknown, the activity suggests the attackers are building a botnet for potential future use.
Security researchers at GreyNoise have identified an ongoing, sophisticated cyberattack campaign targeting Asus home and small office routers, resulting in approximately 9,000 devices worldwide being infected with a stealthy backdoor. The attackers, believed to be a nation-state or another well-resourced threat actor, exploit both previously patched and untracked vulnerabilities to gain administrative control, subsequently installing a public SSH key. This methodology grants persistent access that survives device reboots and firmware updates, indicating a high level of operational capability and ensuring durable control over the compromised hardware. While GreyNoise reports no current malicious deployment of these infected devices, the activity suggests the attackers are in the preparatory stages of amassing a significant botnet for future unspecified operations. The use of authentication bypasses and abuse of legitimate configuration features to maintain access without obvious traces further underscores the advanced nature of this threat to widely deployed networking infrastructure.