• Thousands of Asus routers

    From Mike Powell@1:2320/105 to All on Fri May 30 09:19:00 2025
    Thousands of Asus routers hacked to create a major botnet planting damaging malware

    Date:
    Thu, 29 May 2025 13:27:00 +0000

    Description:
    Hackers are brute-forcing older Asus routers and establishing persistent access.

    FULL STORY

    Thousands of ASUS routers were compromised and turned into a malicious botnet after hackers uncovered a troubling security vulnerability, experts have warned.

    This appears to be part of a stealth operation to assemble a distributed network of backdoor devices potentially laying the groundwork for a future botnet, noted cybersecurity researchers GreyNoise, who first spotted the attacks in mid-March 2025.

    Using Sift (GreyNoise's network payload analysis tool) and a fully emulated ASUS router profile running in the GreyNoise Global Observation Grid, the researchers determined that the threat actors were first breaching routers with brute force and authentication bypassing.

    Advanced operations

    These poorly configured routers were easy pickings for the attackers, who then proceeded to exploit a command injection flaw to run system commands.

    This flaw is tracked as CVE-2023-39780 and carries a severity score of 8.8/10 (high).

    The vulnerability was first published in the National Vulnerability Database (NVD) on September 11, 2023, and since then ASUS released firmware updates to address it.

    "The tactics used in this campaign (stealthy initial access, use of built-in system features for persistence, and careful avoidance of detection) are consistent with those seen in advanced, long-term operations, including activity associated with advanced persistent threat (APT) actors and operational relay box (ORB) networks," GreyNoise further explains.

    While GreyNoise has made no attribution, the level of tradecraft suggests a well-resourced and highly capable adversary.

    The attackers use the ability to run system commands to install a backdoor that's stored in non-volatile memory (NVRAM).

    This means the access they establish survives both reboots and firmware updates. The attackers can maintain long-term access without dropping stage-two malware, or leaving other obvious traces.
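    Because the persistence described above lives in NVRAM rather than in the firmware image, reflashing the router does not by itself reveal or remove it; what does is comparing the device's current configuration dump against a baseline captured while the device was known-good. The script below is an added illustration of that check, not code from the article, GreyNoise or ASUS. It assumes the dump is plain `key=value` text, one pair per line (the shape `nvram show` prints on ASUSWRT-based firmware, an assumption to verify on your model); the two sample dumps and every key name in them are constructed for this example and are not a verified list of ASUS variables.

```python
"""Compare a router NVRAM dump against a known-good baseline.

Added example (not from the article, GreyNoise or ASUS). Assumes a
'key=value' dump, one pair per line, as `nvram show` prints on
ASUSWRT-based firmware (assumption). Sample dumps below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field


def parse_nvram_dump(text: str) -> dict[str, str]:
    """Parse 'key=value' lines into a dict.

    Blank and malformed lines are skipped. Values may themselves contain
    '=', so only the first '=' separates key from value.
    """
    entries: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip()] = value
    return entries


@dataclass
class NvramDiff:
    added: dict[str, str] = field(default_factory=dict)
    removed: dict[str, str] = field(default_factory=dict)
    changed: dict[str, tuple[str, str]] = field(default_factory=dict)

    def is_clean(self) -> bool:
        return not (self.added or self.removed or self.changed)


def diff_nvram(baseline: dict[str, str], current: dict[str, str],
               volatile_keys: frozenset[str] = frozenset()) -> NvramDiff:
    """Report keys that appeared, disappeared or changed since the baseline.

    volatile_keys (uptime counters, lease tables, ...) are excluded so the
    report only lists configuration that should not change on its own.
    """
    d = NvramDiff()
    for key in set(baseline) | set(current):
        if key in volatile_keys:
            continue
        if key not in baseline:
            d.added[key] = current[key]
        elif key not in current:
            d.removed[key] = baseline[key]
        elif baseline[key] != current[key]:
            d.changed[key] = (baseline[key], current[key])
    return d


def format_report(d: NvramDiff) -> list[str]:
    """Render the diff as sorted, one-line findings for a ticket or log."""
    lines = [f"ADDED   {k}={d.added[k]}" for k in sorted(d.added)]
    lines += [f"REMOVED {k}={d.removed[k]}" for k in sorted(d.removed)]
    lines += [f"CHANGED {k}: {old!r} -> {new!r}"
              for k, (old, new) in sorted(d.changed.items())]
    return lines


# Constructed sample: a baseline taken when the device was known-good ...
BASELINE_DUMP = """\
lan_ipaddr=192.168.1.1
wan_proto=dhcp
sshd_enable=0
sshd_wan=0
sshd_authkeys=
firmware_version=3.0.0.4.EXAMPLE
sys_uptime=1200
"""

# ... and a later dump from the same device. Remote SSH has been switched
# on, an authorised key has appeared, and a new startup entry exists.
CURRENT_DUMP = """\
lan_ipaddr=192.168.1.1
wan_proto=dhcp
sshd_enable=1
sshd_wan=1
sshd_authkeys=ssh-ed25519 AAAAC3EXAMPLE-not-a-real-key
firmware_version=3.0.0.4.EXAMPLE
sys_uptime=98
custom_script=/jffs/scripts/example-unknown.sh
"""

VOLATILE = frozenset({"sys_uptime"})  # constructed: changes every boot

if __name__ == "__main__":
    base = parse_nvram_dump(BASELINE_DUMP)
    cur = parse_nvram_dump(CURRENT_DUMP)
    for finding in format_report(diff_nvram(base, cur, VOLATILE)):
        print(finding)
```

    The baseline has to come from a moment you trust (ideally right after a clean setup, stored off the device), and the volatile-key list should be tuned per model so that routine counters do not bury the findings. A firmware version that is unchanged while remote-access settings have flipped is exactly the pattern the article describes: the update happened, the persistence stayed.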

    We don't know exactly how many devices are compromised, other than that there are thousands, with the number steadily increasing.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/thousands-of-asus-routers-hacked-to-create-a-major-botnet-planting-damaging-malware

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)