Thousands of ASUS Routers Hacked to Create a Major Botnet Planting Damaging Malware
A staggering number of ASUS routers have fallen victim to a sophisticated cyberattack, leaving thousands of devices compromised and potentially vulnerable to further malicious activities.
According to cybersecurity experts at GreyNoise, the attacks began in mid-March 2025, with the researchers identifying a series of malicious activities that suggest a well-planned and stealthy operation. The attackers exploited a known security vulnerability, CVE-2023-39780, which carries a severity score of 8.8/10 (high) and was first published in the National Vulnerability Database (NVD) on September 11, 2023.
The vulnerability allows attackers to bypass authentication and gain access to routers using brute force tactics. Once inside, they exploited a command injection flaw to run system commands, which enabled them to install a backdoor that survives both reboots and firmware updates. This means the attackers can maintain long-term access without dropping stage-two malware or leaving behind obvious traces.
"The tactics used in this campaign are consistent with those seen in advanced, long-term operations, including activity associated with advanced persistent threat (APT) actors and operational relay box (ORB) networks," GreyNoise explained. "While we have made no attribution, the level of tradecraft suggests a well-resourced and highly capable adversary."
The attackers' use of built-in system features for persistence and their careful avoidance of detection are particularly noteworthy. This level of sophistication indicates that the attackers are likely to be nation-state actors or organized crime groups.
As the attacks continue to spread, it's essential for ASUS router owners to take immediate action to protect their devices. The company has released firmware updates to address the vulnerability, but users need to ensure they have applied these patches to prevent further exploitation.
The number of compromised devices is estimated to be in the thousands, with the figure steadily increasing. While the exact number remains unknown, it's clear that this is a major botnet operation with significant potential for disruption and damage.
As the cybersecurity landscape continues to evolve, it's essential for individuals and organizations to remain vigilant and take proactive measures to protect themselves against such threats. By staying informed and taking steps to secure their devices and networks, users can reduce the risk of falling victim to similar attacks in the future.
Stay Safe Online:
To protect yourself from this threat, make sure to:
* Apply firmware updates as soon as they become available
* Use strong and unique passwords for all accounts
* Enable two-factor authentication whenever possible
* Keep your operating system and software up-to-date with the latest security patches
* Regularly scan your devices and networks for malware and other threats
By taking these steps, you can significantly reduce the risk of falling victim to this botnet operation and protect yourself from future attacks.