9,000 Asus Routers Compromised by Botnet Attack with Persistent SSH Backdoor

A major cybersecurity incident has affected more than 9,000 ASUS routers, involving a sophisticated botnet called "AyySSHush". This attack, discovered in March 2025 by the cybersecurity firm GreyNoise, exploits authentication vulnerabilities and uses legitimate router functionalities to establish a persistent SSH backdoor. This backdoor is embedded in the router's non-volatile memory (NVRAM), allowing it to resist firmware updates and device reboots, making traditional remediation methods ineffective.