Security firm GreyNoise disclosed that thousands of Asus routers have been compromised by a sophisticated group of cybercriminals who used brute-force login techniques and exploited various vulnerabilities. The attackers set up unauthorized SSH access and a persistent backdoor on the devices, enabling remote control without proper authentication. Notably, they disabled logging to cover their tracks and installed no malware, which points to a stealth operation. Over 9,000 routers were identified as affected, though signs of exploitation appear limited, which suggests the campaign is proceeding gradually.
By using built-in Asus settings, the attackers were able to set up SSH access, a secure way to connect to and control remote devices.
The criminals even disabled logging to avoid detection, ensuring their unauthorized access went unnoticed.