Asus Router Hack: Check If Your Model Is Affected

More than 9,000 Asus routers were silently hacked, and if you own one, there’s a chance yours is on that list. Luckily, you don’t have to wait for things to go south to find out.

Over 9,000 ASUS Routers Compromised in Ongoing Attack

A cybersecurity firm, GreyNoiseclaims to have identified an “ongoing exploitation campaign” affecting thousands of ASUS routers exposed to the internet.

The report states that the attackers behind the campaign, who remain unknown, have gained unauthorized and persistent access to over 9,000 ASUS routers. Based on thier tactics, including stealthy initial access and abuse of built-in system features to maintain control, GreyNoise says the activity points to a well-resourced and highly capable adversary, consistent with those seen in advanced, long-term campaigns.

The attackers reportedly used brute-force login attempts and two different authentication methods. After successfully accessing the ASUS routers, they exploited a known vulnerability (CVE-2023-39780) to run arbitrary commands. Through this, they enabled SSH access if it wasn’t already active and inserted their own public SSH key, granting persistent access.

Sence the SSH key is stored in the non-volatile memory (NVRAM) rather than the file system,it survives reboots and firmware updates. The hackers took it one step further by disabling logging as well, removing any traces of their access. Surprisingly, the report claims the attackers don’t seem to be installing any sort of malware, which ultimately leads to the question-why the attack? GreyNoise says in its report:

In case you don’t know, a botnet refers to a network of hijacked computers or devices used to carry out scams and attacks, all remotely controlled by the attackers. Typically, the best course of action in such cases would be to update your router’s firmware. However, doing so won’t help here since the attackers’ changes are stored in the router’s NVRAM.