Cybercriminals Hack Asus Routers: Here's How to Check If They Got Into Yours
If you own an Asus router, it might be one of the 9,000 hacked by "a well-resourced and highly capable adversary," according to a new report from security firm GreyNoise. The discovery was made on May 18, and the company is now disclosing its findings after reporting them to the government and industry partners.
The culprit behind this attack remains unknown, but GreyNoise says that the level of tradecraft used suggests a highly capable adversary with significant resources at their disposal. The threat actor engaged in an extensive exploitation campaign, gaining unauthorized access to Asus routers exposed to the internet. Their goal appears to have been to assemble a distributed network of devices and create a botnet.
So, what can you do if you own an Asus router? First, log into the router's firmware and look for the "Enable SSH" option in settings. It could be under the "Service" or "Administration" section. If your device has been compromised, it will show that someone can log into it using SSH over port 53282 with this SSH public key (truncated here).
If your router has been accessed, the best thing you can do is perform a factory reset, advises PCMag security analyst Kim Key. This attack is particularly formidable because it "survives both reboots and firmware updates, giving them durable control over affected devices." A factory reset will get around this.
In most other cases, updating the firmware would have solved the problem. However, since Asus has already fixed the CVE-2023-39780 flaw with its latest firmware update, it's essential to stay on top of updates for all internet-connected devices in your home, including your router. "Keep on top of firmware updates for all of the internet-connected devices in your home," Key says. "In addition to your other cybersecurity checklist chores, remember to check your devices periodically for updates throughout the year."
Additionally, Asus recommends that you remove or disable the SSH entry and block the following four IP addresses: 77.224.96.56, 77.236.76.41, 50.137.64.37, and 162.248.102.44.
Protecting Your Asus Router
To avoid falling victim to this attack in the future, it's crucial to stay vigilant about updating your firmware regularly. Asus has already taken steps to address the issue with its latest update, but it's essential to continue monitoring for any further vulnerabilities.
Cybersecurity experts stress the importance of regular updates and periodic checks for vulnerable devices. By staying informed and taking proactive measures, you can significantly reduce the risk of falling victim to cyber attacks like this one.