Thousands of Asus routers are being hit with stealthy, persistent backdoors
Briefly

GreyNoise reported detecting a campaign targeting Asus routers in mid-March, with signs of a possible nation-state link. The threat actor, referred to as ViciousTrap by Sekoia, has potentially compromised around 9,500 devices by backdooring them through multiple vulnerabilities, including a critical command injection flaw (CVE-2023-39780). While some of the vulnerabilities have been patched, others lack CVE tracking. Users can identify infected devices by checking specific SSH settings and IP access logs, and should promptly remove the backdoor to secure their routers.
GreyNoise revealed that it detected a malicious campaign targeting Asus routers, potentially linked to nation-state actors, which highlights the importance of timely security updates for all devices.
Backdoor attacks by an unknown threat actor, dubbed ViciousTrap, have exploited multiple vulnerabilities in Asus routers, with 9,500 devices possibly compromised according to Sekoia.
To identify an infection, router users must check SSH settings for specific port configurations and digital certificate keys, and remove the backdoor access to secure the device.
Though patches exist for known vulnerabilities, two critical flaws remain without CVE designations, emphasizing a gap in tracking and user awareness.
Read at Ars Technica