ASUS Router Apocalypse: AyySSHush Botnet Strikes Over 9,000 Devices!

Over 9,000 ASUS routers have been enlisted into the AyySSHush botnet army, thanks to a sneaky SSH backdoor. These routers now moonlight as part of a botnet, even after reboots and updates. GreyNoise researchers are on the case, proving once again that when it comes to tech, nothing is safe—not even your router’s downtime.

Hot Take:

Looks like ASUS routers are taking a crash course in “How to Become a Botnet Minion 101,” courtesy of the AyySSHush botnet. With over 9,000 routers compromised, it’s safe to say ASUS routers are now living their best “double agent” lives, complete with a secret SSH backdoor. Who knew routers could moonlight as secret agents?

Key Points:

  • GreyNoise discovered over 9,000 ASUS routers were compromised by the AyySSHush botnet.
  • Attackers added a persistent SSH backdoor that survives reboots and firmware updates.
  • Exploits target ASUS RT-AC3100, RT-AC3200, and RT-AX55 models in their out-of-box configurations.
  • The campaign is attributed to a skilled and well-funded adversary using novel and stealthy techniques.
  • GreyNoise identified four IP addresses as Indicators of Compromise linked to the botnet.

The Nimble Nerd