Slashdot: ASUS Router Backdoors Affect 9,000 Devices, Persists After Firmware Updates

May 29, 2025

—

Source URL: https://it.slashdot.org/story/25/05/29/2052229/asus-router-backdoors-affect-9000-devices-persists-after-firmware-updates?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: ASUS Router Backdoors Affect 9,000 Devices, Persists After Firmware Updates

Feedly Summary:

AI Summary and Description: Yes

Summary: The text discusses a significant security issue involving the compromise of thousands of ASUS routers with malware-free backdoors, which could enable the establishment of a botnet. The report highlights the sophisticated techniques used by threat actors to maintain persistent access to these devices, posing serious security risks for users.

Detailed Description:
This report outlines a concerning development in the realm of infrastructure security, specifically related to home networking equipment. Key points include:

– **Nature of Compromise**: Thousands of ASUS routers have been infiltrated through backdoors that do not require malware, allowing attackers to maintain access even across reboots and firmware updates.
– **Threat Actor Profile**: The attacks are suspected to be the work of highly skilled threat actors, indicating a sophisticated approach, potentially intended to construct a botnet for further malicious purposes.
– **Detection and Reporting**: The breaches were detected by GreyNoise’s AI-driven Sift tool, highlighting the effectiveness of AI in security monitoring. Coordination with governmental and industry partners led to a timely disclosure of the issue.
– **Associated Campaign**: The attack is part of a broader campaign, referred to as ViciousTrap, where various edge devices have been compromised to create a network for malicious activities.
– **Potentially Affected Devices**: Specific ASUS models identified as compromised include the RT-AC3200, RT-AC3100, GT-AC2900, and Lyra Mini, affecting a wide range of users.
– **User Recommendations**: GreyNoise recommends users conduct a full factory reset of any potentially compromised device and check for unauthorized SSH access on TCP port 53282, emphasizing the importance of proper device management and security hygiene.

While the text primarily discusses infrastructure security, it is also relevant to the broader themes of IoT security and compliance considerations regarding network device management. This incident serves as a reminder for security professionals to maintain vigilance over their network infrastructure and implement robust security controls to mitigate such risks.

1 10 2 3 5 53 a access Act after AI and app art as Asus Asus routers attack attackers attacks backdoor backdoors botnet breach breaches by C C2 CERN CI CIA co compliance compliance considerations compromised control controls coordination cross D de detection development device device management disclosure DoT drive driven e edge Edge Devices effective effectiveness end equipment fact factory reset file firmware firmware update firmware updates for free full g Go government GreyNoise H high Highlight HR http HTTPS in incident industry infrastructure infrastructure security io IoT IoT Security issue k Key l led Li Link lm low M malicious activities malware man management mini Mode model models Monitor monitoring N nation network network device management network infrastructure Networking no non o of on OPM ory oS OT Security out over phi point porting potential professionals Q R rate RCE real recommendations red report reporting Risk risks Ro robust security routers s sec security security and compliance security controls security hygiene security monitoring security professionals security risk security risks side Sig SoC source specific SSE SSH SSO T tech techniques text the threat threat actor threat actors Time to tool Tor TP two UI up update updates US use user Users uth V vigilance Ware Wi x