Thousands of Asus routers are being hit with stealthy, persistent backdoors
Summary
Researchers have uncovered a campaign to infect thousands of home and small office routers produced by Asus with a stealth backdoor, allowing nation-state or other well-resourced threat actors to take control of the devices.
The attackers are using zero-day vulnerabilities, as well as some vulnerabilities that have never been tracked via the CVE international security database, allowing them to gain administrative control of the devices.
After installing a public encryption key, the hackers can access the devices via SSH, and anyone with the private key can then automatically log in with administrative rights.
The backdoor persists through reboots and firmware updates, giving the attacker long-term access without dropping malware or leaving obvious traces, according to the researchers at security firm GreyNoise, which first spotted the campaign.
So far, the hackers have compromised approximately 9,000 routers worldwide, but there are suggestions that the number of infected devices could be much higher in future activity.
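Because the backdoor described above is an installed SSH public key rather than malware, one defensive check is to compare the keys a router trusts against the ones its owner knowingly installed. The following is an added example, not code from GreyNoise or Asus; it assumes the router's `authorized_keys` content has been exported as text, and the function names and sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of a raw public-key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_line(line):
    """Return (key_type, blob, comment) for an authorized_keys line, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    # Options can contain spaces; the blob must name the token as its type.
    for i in range(len(fields) - 1):
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        name_len = int.from_bytes(blob[:4], "big")
        if blob[4:4 + name_len] == fields[i].encode():
            return fields[i], blob, " ".join(fields[i + 2:])
    return None

def audit(text, allowed):
    """List (line_no, fingerprint, comment) for every key not in `allowed`."""
    keys = ((n, parse_line(l)) for n, l in enumerate(text.splitlines(), 1))
    found = [(n, fingerprint(p[1]), p[2]) for n, p in keys if p]
    return [f for f in found if f[1] not in allowed]

def make_key(seed):
    """Constructed stand-in ssh-ed25519 key (not a real key), base64-encoded."""
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32)
    return base64.b64encode(raw + hashlib.sha256(seed).digest()).decode()

# Constructed sample: one key the owner installed, one nobody recognises.
ADMIN, UNKNOWN = make_key(b"admin-laptop"), make_key(b"unrecognised")
SAMPLE = "\n".join([
    "# authorized_keys exported from the router (constructed sample)",
    f"ssh-ed25519 {ADMIN} admin@laptop",
    f'no-pty,command="echo hi" ssh-ed25519 {UNKNOWN}',
])
ALLOWED = {fingerprint(parse_line("ssh-ed25519 " + ADMIN)[1])}

if __name__ == "__main__":
    for line_no, fp, comment in audit(SAMPLE, ALLOWED):
        print(f"line {line_no}: unexpected key {fp} {comment}".rstrip())
```

Since the summary says the backdoor persists through reboots and firmware updates, such a check is worth repeating after an update rather than running once.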