
Asus responds to concerns over 9,000+ routers compromised by botnet — firmware updates and factory reset can purge routers of persistent backdoor



Asus has issued multiple statements regarding a highly publicized botnet attack infecting over 9,000 routers to date. Per our previous reporting, the “AyySSHush” botnet has infected its hosts through a combination of brute-force attacks and authentication bypasses, and hides its backdoor in non-volatile memory, thus attempting to hide from firmware updates and refreshes.

In an official statement on the issue, Asus told us that the vulnerabilities can be avoided on routers not yet infected, and fixed on routers that have been compromised. The attackers use a known command injection flaw, CVE-2023-39780, to enable SSH access on a custom port (TCP/53282) and insert an attacker-controlled public key for remote access.

This exploit has been patched in the latest Asus firmware update, and as such, Asus advises all users of its routers to update their firmware. After this, Asus advises a factory reset, followed by adding a strong administrator password. For those users with routers that have reached end-of-life support, or those who are tech-savvy enough to open up their router settings and wish to avoid a factory reset, Asus recommends “disabling all remote access features such as SSH, DDNS, AiCloud, or Web Access from WAN, and confirming that the SSH (especially TCP port 53282) is not exposed to the Internet.”



The AyySSHush botnet was first discovered by GreyNoise in March, via alerts thrown up by its proprietary AI monitoring technology, Sift; the company made its findings public in May. GreyNoise categorizes the attackers responsible for the botnet as “a well-resourced and highly capable adversary”, though without making any accusations about who the attackers were. A Censys search lists the affected routers, which at the time of writing number above 9,500. To date, activity from the botnet has been minimal, with only 30 related requests registered across three months.

In a further comment sent specifically to Tom’s Hardware, Asus adds that it sent push notifications to applicable users alerting them to update their firmware once the exploit became widely known. Users also have resources, including Asus’s product security advisory page and an updated knowledge base article covering the exploit specifically.

Asus also claims to have been working on firmware updates for models including the RT-AX55 router, to protect against this known vulnerability, well before the GreyNoise report went up. This is a key detail from the company, as CVE-2023-39780 reporting shows that Asus had been made aware of the vulnerability before the most recent GreyNoise report went out.

Any concerned Asus router users should confirm that their SSH is not exposed to the internet, and are advised to check their router’s log for repeated login failures or unfamiliar SSH keys indicating a past brute-force attack. Leaving routers exposed to WAN access and the open internet is a recipe for disaster, and nearly all routers infected by the botnet were likely operating under highly vulnerable, unsafe conditions caused by end users. Still, as with all web security matters, it is better to be safe than sorry, and to ensure routers and other web-connected devices are operating on modern firmware.
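
The checks recommended above (SSH on TCP/53282, SSH exposed to the WAN, repeated login failures, unfamiliar SSH keys) can be scripted. The following is an added example, not code from Asus, GreyNoise or Tom’s Hardware; it assumes a dropbear-style log line format and a failed-login threshold of 5, and its function names, log lines and key blobs are constructed for illustration.

```python
import re
from collections import Counter

BOTNET_SSH_PORT = 53282  # TCP port named in the article
# Assumed dropbear-style failure line; adjust to the router's real log format.
FAIL_RE = re.compile(r"Bad password attempt for '[^']*' from ([\d.]+):\d+")

def failed_login_sources(log_text, threshold=5):
    """Return {ip: count} for sources with at least `threshold` failed logins."""
    counts = Counter(FAIL_RE.findall(log_text))
    return {ip: n for ip, n in counts.items() if n >= threshold}

def unfamiliar_keys(keys_text, known_blobs):
    """Return authorized-key lines whose base64 blob is not in the allowlist."""
    unknown = []
    for line in (l.strip() for l in keys_text.splitlines()):
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # The blob follows the key type; key options may precede the type.
        blob = next((fields[i + 1] for i, f in enumerate(fields[:-1])
                     if f.startswith(("ssh-", "ecdsa-", "sk-"))), None)
        if blob not in known_blobs:  # malformed lines (blob is None) are flagged too
            unknown.append(line)
    return unknown

def audit(log_text, keys_text, known_blobs, ssh_port, ssh_on_wan):
    """Run the checks the article recommends and return a list of findings."""
    findings = []
    if ssh_port == BOTNET_SSH_PORT:
        findings.append(f"SSH is configured on TCP/{ssh_port}")
    if ssh_on_wan:
        findings.append("SSH is reachable from the WAN side")
    for ip, n in sorted(failed_login_sources(log_text).items()):
        findings.append(f"{n} failed logins from {ip}")
    findings += [f"unfamiliar SSH key: {k[:48]}" for k in unfamiliar_keys(keys_text, known_blobs)]
    return findings

# Constructed sample data (documentation IP ranges, fake key blobs).
SAMPLE_LOG = "\n".join(
    [f"May 20 03:11:{s:02d} dropbear[1201]: Bad password attempt for 'admin' "
     f"from 203.0.113.7:{40000 + s}" for s in range(6)]
    + ["May 20 09:40:02 dropbear[1388]: Bad password attempt for 'admin' "
       "from 198.51.100.9:51514"])
OWNER_BLOB = "AAAAC3NzaC1lZDI1NTE5AAAAIE9XTkVSLUtFWS1DT05TVFJVQ1RFRA"
SAMPLE_KEYS = (f"ssh-ed25519 {OWNER_BLOB} owner@laptop\n"
               "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCONSTRUCTED unknown\n")
```

Calling `audit(SAMPLE_LOG, SAMPLE_KEYS, {OWNER_BLOB}, 53282, True)` on the constructed data returns four findings; a router with a default SSH port, no WAN exposure, a quiet log and only known keys returns an empty list.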
