Thousands of ASUS Routers Hijacked in Stealthy Backdoor Campaign
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
A sophisticated hacking campaign has compromised approximately 9000 ASUS routers, creating persistent backdoors that survive firmware updates and reboots. The attackers utilize the routers' legitimate features to maintain long-term access without dropping malware or leaving traces. This operation appears to be assembling a distributed network of backdoor devices, potentially for a future botnet. The intrusion chain involves brute-force login attempts, exploitation of zero-day vulnerabilities, and the use of CVE-2023-39780. The attackers employ stealthy techniques such as enabling SSH access on a custom port, inserting attacker-controlled public keys, and disabling router logging. The campaign's sophistication suggests a formidable and well-funded adversary, possibly associated with Chinese-sponsored hackers.
OPENCTI LABELS :
backdoor,botnet,ssh access,operational relay box,asus routers,cve-2023-39780
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Thousands of ASUS Routers Hijacked in Stealthy Backdoor Campaign