
Thousands of ASUS Routers Hijacked in Stealthy Backdoor Campaign

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A sophisticated hacking campaign has compromised approximately 9000 ASUS routers, creating persistent backdoors that survive firmware updates and reboots. The attackers use the routers' legitimate features to maintain long-term access without dropping malware or leaving traces. The operation appears to be assembling a distributed network of backdoored devices, potentially for a future botnet. The intrusion chain involves brute-force login attempts, exploitation of zero-day vulnerabilities, and the use of CVE-2023-39780. The attackers employ stealthy techniques such as enabling SSH access on a custom port, inserting attacker-controlled public keys, and disabling router logging. The campaign's sophistication suggests a formidable and well-funded adversary, possibly associated with Chinese-sponsored hackers.

OPENCTI LABELS:

backdoor, botnet, ssh access, operational relay box, asus routers, cve-2023-39780

