Cybersecurity analysts from GreyNoise have uncovered a significant exploitation campaign targeting ASUS routers that are openly accessible on the internet. Thousands of routers have already been compromised, with intruders employing various tactics such as brute-force login attempts and exploitation of known vulnerabilities. Once they gain access, attackers can deploy payloads that create backdoors for persistent access, even through firmware updates. This indicates a sophisticated approach typical of advanced persistent threat actors, suggesting the potential for developing a botnet in the future.
Analysts at GreyNoise have identified an ongoing exploitation campaign targeting ASUS routers exposed on the internet, with thousands confirmed compromised.
Routers are being attacked via brute force and older authentication vulnerabilities to deploy payloads exploiting command injection vulnerabilities.
The final step allows attackers to enable remote SSH access through official ASUS settings, maintaining access even after firmware updates.
The tactics align with advanced persistent threat operations, indicating the campaign may be laying groundwork for future botnet activities.
Collection
[
|
...
]