Your Asus router may be compromised - here's how to tell and what to do
Briefly

Recent reports from GreyNoise indicate that a sophisticated group of cybercriminals has compromised over 9,000 Asus routers. Using brute-force techniques and specific vulnerabilities, the attackers gained unauthorized access to these devices, set up secure SSH access, and installed backdoors in non-volatile memory. Although no malware was installed, the attackers used stealth tactics, including disabling logging, to hide their activities. Fewer access attempts have been observed recently, which suggests a slow and covert campaign aimed at building a distributed network.
By using built-in Asus settings, they were able to set up SSH access, a secure way to connect to and control a remote device.
Once they'd accessed the router, they were able to run arbitrary system commands by exploiting a known security flaw identified as CVE-2023-39780.
Though no malware was actually installed, the attackers certainly left their mark.
This appears to be part of a stealth operation to assemble a distributed network.
Read at ZDNET