Recently, thousands of Asus routers were compromised by cybercriminals using advanced tactics, including brute-force login attempts and vulnerabilities with no assigned CVE. The attackers exploited a known flaw, CVE-2023-39780, which allowed them to execute system commands remotely. Asus confirmed the incident and urged users to update their firmware in response to the breach. Although no malware was installed, the attackers established SSH access and a persistent backdoor in the router’s firmware so that they could return easily, and they disabled logging to evade detection.
Asus acknowledged a severe security flaw impacting thousands of its routers as cybercriminals exploited vulnerabilities, leaving backdoors and bypassing authentication methods.
The cybercriminals used brute-force techniques and vulnerabilities without assigned CVEs for initial access, which allowed them to execute arbitrary commands and maintain persistent access.
GreyNoise highlighted the sophistication of the adversarial group behind the attack, emphasizing they are well-resourced and capable, which indicates a serious threat to Asus users.
Asus has alerted customers to the vulnerabilities and advised them to update firmware as a preventive measure against the backdoor established by the attackers.