216.73.217.139

GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers

· Published 04/06/2025 20:39 · Modified 05/06/2025 00:48

Export JSON

Essential information

Published
04/06/2025 20:39
Modified
05/06/2025 00:48
Tags
2025-06-04 CVE-2023-39780 apt asus routers authentication bypass backdoor botnet nvram persistence ssh stealth
Related entities
3 observables, 5 techniques (mitre)

Description

A sophisticated campaign targeting has been uncovered, compromising thousands of devices. The attackers employ brute-force attempts, authentication bypasses, and exploit to gain initial access. They establish by enabling access on a custom port and inserting their public key, storing configurations in to survive reboots and firmware updates. The operation is characterized by its , disabling logging and avoiding malware installation. The tactics suggest a well-resourced adversary, possibly an group. Nearly 9,000 routers are confirmed affected, with numbers growing. The campaign's discovery was facilitated by AI-powered analysis and emulated router profiles, highlighting the attackers' high level of sophistication and long-term planning.

External references