Security research group GreyNoise has discovered a botnet network called AyySSHush that targets thousands of Asus routes, allowing attackers to access and control the device.
According to GreyNoise, the person behind the combination of login information using the brute-force method, ignored authentication and exploited old vulnerabilities, then broke into the Asus routing set. Currently, affected models include: RT-AC3100, RT-AC3200 and RT-AX55.
Brute-force is a process of hackers testing character strings until they hit a password or security lock to access an account. This is a simple form but dangerous if the system does not have protective measures such as limiting incorrect entry or two-step authentication.
According to GreyNoise, the attacks were carried out secretly because they were not related to malware. Therefore, users will have difficulty detecting it because the blogger has turned off the log-taking function. The security team recorded more than 9,000 Asus routes infected.
GreyNoise warned that hackers may be quietly building a routing network to create a foundation for a future Botnet network.
Previously, French security research group Sekoia also discovered another blogger campaign called Vicious Trap targeting the Asus routing through the CVE-2021-330 vulnerability.
Asus said it has noted GreyNoise's warnings and issued an update to fix the CVE-2023-39780 vulnerability for affected routes. However, the deployment time may vary depending on the model.
