Thousands of Asus Routers Have Been Hijacked, But I Wouldn't Panic Just Yet
As of May 27, over 9,000 Asus routers have been confirmed compromised in what the firm characterizes as an 'ongoing exploitation campaign.'
GreyNoise has been tracking the attack since Mar. 17. In the months since, they've only seen 30 requests related to the attack, which indicates how quietly the campaign is operating. The attackers have maintained access to affected routers even after reboots and firmware updates, 'giving them durable control over affected devices,' the blog post says.
While that sounds pretty scary, you probably don't need to replace your router just yet. Your personal data isn't the target in attacks like these. Instead, the attacker uses infected devices as pawns in a larger game.
'These compromised IoT devices, like smart cameras or a router, have enough computational power that you can use networks of tens of thousands of them to do a denial of service attack,' Yuvraj Agarwal, a computer science professor at Carnegie Mellon, told CNET.
Locating local internet providers
He compared it to the infamous Mirai botnet attack from 2016 that temporarily took down websites like Twitter, Netflix, Reddit and Pinterest.
'It's not trying to compromise your laptop or your iPhone, right? That's not what it's doing,' Agarwal added. 'Users would have to ignore a few different safeguards for them to be vulnerable to somebody stealing their credentials.'
GreyNoise didn't say exactly where it thinks the attack is coming from, but did note that 'the level of tradecraft suggests a well-resourced and highly capable adversary.'
The Cybersecurity and Infrastructure Security Agency (CISA) has named China, Russia, North Korea and Iran as likely actors in similar attacks in the past. Few Wi-Fi routers have been immune to such breaches. CISA keeps a list of Known Exploited Vulnerabilities (KEV) that have been observed in the wild, and almost every router manufacturer appears on there somewhere.
'We find stuff in everything," said Thomas Pace, CEO of cybersecurity firm NetRise and former security contractor for the Department of Energy, in a previous interview.
'The problem with the CISA KEV [list] is, if everything's on the list, how good is that list?' Pace added. 'Basically, every telecommunications device on the planet has at least one vulnerability on the CISA KEV.'
While it first observed the attack in March, GreyNoise said it waited until now to release its findings so it could coordinate with government and industry partners.
A representative for Asus declined CNET's request for comment on this story and referred me to their product security advisory page for the latest updates.
What to do if you own an Asus router
In most attacks, the router manufacturer can issue a firmware update that fixes the vulnerability. But in this case, the attackers exploited a security flaw that allows them to retain backdoor access even after reboots and firmware updates.
'Because this key is added using the official ASUS features, this config change is persisted across firmware upgrades,' GreyNoise noted in another post. 'If you've been exploited previously, upgrading your firmware will NOT remove the SSH backdoor.'
The steps you'll need to take to find out if your router has been compromised -- and potentially fix it -- are fairly technical, so bear with me here.
Log into your router's firmware. You can do this via the Asus app or by going to http://www.asusrouter.com. Find the "Enable SSH" option under Service or Administration settings. If your router was breached in this campaign, these settings will show that someone can log into it using SSH over port 53282 with a truncated SSH public key of: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAo41nBoVFfj4HlVMGV+YPsxMDrMlbdDZ...
If your router hasn't been infected, your next step will be to update the firmware immediately. Asus fixed the flaw with its latest update, which should take care of it.
If your router has been infected, the backdoor will still be there even if you update the firmware. In that case, you'll need to follow these steps to block unauthorized access:
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
19 minutes ago
- Yahoo
Here is Why ProPetro Holding (PUMP) Plunged This Week
The share price of ProPetro Holding Corp. (NYSE:PUMP) fell by 13.3% between July 11 and July 18, 2025, putting it among the Energy Stocks that Lost the Most This Week. An oil derrick silhouetted against a rising sun with a blue sky in the background. ProPetro Holding Corp. (NYSE:PUMP) is an oilfield services company that engages in the provision of hydraulic fracturing and other complementary services. ProPetro Holding Corp. (NYSE:PUMP) plunged this week following a downturn witnessed in the overall oilfield services sector, amid reports of a slowdown in drilling activity and a broader pullback in exploration and production spending. Analysts expect the sector to post a decline in earnings in the Q2 earnings season, as well as a drop in guidance for the second half of the year. Moreover, investors may also have reacted to ProPetro Holding Corp. (NYSE:PUMP) recently announcing a change in leadership, with Mr. Caleb Weatherl appointed as the company's new CFO on July 14, 2025. Following the recent decline, the share price of ProPetro Holding Corp. (NYSE:PUMP) has plunged by over 42% since the beginning of 2025. While we acknowledge the potential of PUMP as an investment, we believe certain AI stocks offer greater upside potential and carry less downside risk. If you're looking for an extremely undervalued AI stock that also stands to benefit significantly from Trump-era tariffs and the onshoring trend, see our free report on the best short-term AI stock. READ NEXT: 12 Best Oil and Gas Dividend Stocks to Buy Now and The 5 Energy Stocks Billionaires are Quietly Piling Into. Disclosure: None. Sign in to access your portfolio
Yahoo
19 minutes ago
- Yahoo
Target downgraded, Dollar Tree upgraded: Wall Street's top analyst calls
The most talked about and market moving research calls around Wall Street are now in one place. Here are today's research calls that investors need to know, as compiled by The 5 Upgrades: Barclays upgraded Dollar Tree (DLTR) to Overweight from Equal Weight with a price target of $120, up from $95. The company is positioned to benefit from a trade down by consumes, which will accelerates in the second half of 2025, the firm tells investors in a research note. Morgan Stanley upgraded Pinterest (PINS) to Overweight from Equal Weight with a price target of $45, up from $37. The firm's advertising checks are constructive on Pinterest's improving ad efficiency and performance-driven growth. Morgan Stanley upgraded Etsy (ETSY) to Equal Weight from Underweight with a price target of $50, up from $38. The firm sees a more balanced catalyst path for the shares after they underperformed the S&P 500 Index by 20% over the past year. Seaport Research upgraded both Analog Devices (ADI) and Texas Instruments (TXN) to Neutral from Sell with no price target. While the firm sees "no strong catalysts," it acknowledges that it was "wrong" in its prior thought that the analog inventory cycle was not going to improve and the macro economy was slowing. Monness Crespi upgraded Fiserv (FI) to Neutral from Sell with no price target, telling investors that the firm sees fair value at about $155 per share. The firm's sense is that the market has been looking to revalue the stock as long as the Clover volume trajectory remains above double digits over the medium term and it recommends investors to "be ready" for the next opportunity. Top 5 Downgrades: Barclays downgraded Target (TGT) to Underweight from Equal Weight with an unchanged price target of $91. The firm says that absent a bigger strategic shift, the company's sales will continue to underperform. Needham downgraded Sarepta (SRPT) to Underperform from Hold without a price target. The company late Friday reported receiving an informal request from the FDA to voluntarily halt shipments of Elevidys and that it denied this request, the firm tells investors in a research note. Mizuho, Leerink, and Baird also downgraded Sarepta to Neutral-equivalent ratings, while Deutsche Bank cut its rating on the name to Sell. Truist downgraded Biogen (BIIB) to Hold from Buy with a price target of $142, down from $199, after a transfer in coverage. The stock's discounted multiple versus pees is warranted given the "suboptimal" growth outlook for Biogen's commercial franchise, the firm tells investors in a research note. Argus downgraded Elevance Health (ELV) to Hold from Buy, citing the ongoing pressures on the company's profit margins from medical cost trends in its Medicaid and ACA marketplace businesses. Truist downgraded Royal Caribbean (RCL) to Hold from Buy with a price target of $337, up from $275. Truist has observed a bounce-back in bookings since April's pullback, but when averaging March-early July's year over year bookings, demand pace is only up low-to-mid-single digits, well off the high-teens monthly pace that 2024 averaged, the firm tells investors in a research note. Top 5 Initiations: Loop Capital initiated coverage of Autodesk (ADSK) with a Hold rating and $320 price target. Loop is constructive on Autodesk's long-term prospects but believes the stock's current valuation reflects much of its expected growth and execution improvements. Benchmark initiated coverage of General Motors (GM) with a Buy rating and $65 price target, calling the stock "a compelling opportunity for investors seeking exposure to a durable, cash-generative U.S. industrial franchise with underappreciated upside potential." Oppenheimer initiated coverage of Affirm (AFRM) with an Outperform rating and $80 price target, offering 15% upside potential. The firm argues that Affirm stands out as a leader in the Buy Now, Pay Later space with its advanced underwriting, robust funding strategy, strong merchant relationships, and transparent pricing model. Stephens initiated coverage of Paylocity (PCTY) with an Equal Weight rating and $200 price target. The firm believes the company is well positioned to gain share "while navigating sub-optimal labor market conditions," but believes the valuation reflects expectations of a conservative guide with modest outperformance. Barclays initiated coverage of Kroger (KR) with an Equal Weight rating and $75 price target. The firm is positive on Kroger's post-deal refocus. Barclays also started Sprouts Farmers (SFM) with an Equal Weight and Albertsons (ACI) with an Underweight. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
19 minutes ago
- Yahoo
Core Laboratories (CLB) Falls Amid a Difficult Time for the Oilfield Services Sector
The share price of Core Laboratories Inc. (NYSE:CLB) fell by 11.35% between July 11 and July 18, 2025, putting it among the Energy Stocks that Lost the Most This Week. A drilling rig manned by engineers and oil field workers preparing to explore a new petroleum reservoir. Core Laboratories Inc. (NYSE:CLB) is a leading global provider of proprietary and patented reservoir description and production enhancement services and products for the oil and gas industry. Core Laboratories Inc. (NYSE:CLB) slumped this week after Stifel lowered the firm's price target from $13 to $12, while maintaining a 'Hold' rating on its shares. The move reflects the analyst's overall bearish outlook for the overall oilfield services sector, which has significantly underperformed the broader market since the beginning of 2025. The oil and gas services industry is expected to post a decline in profits this earnings season due to an overall slowdown in drilling activity, caused by falling crude oil prices and global economic uncertainty due to President Trump's tariff war. It is also expected that the guidance for the second half of this year will probably be lowered among oilfield contractors, further weighing down their stocks. While we acknowledge the potential of CLB as an investment, we believe certain AI stocks offer greater upside potential and carry less downside risk. If you're looking for an extremely undervalued AI stock that also stands to benefit significantly from Trump-era tariffs and the onshoring trend, see our free report on the best short-term AI stock. READ NEXT: 12 Best Oil and Gas Dividend Stocks to Buy Now and The 5 Energy Stocks Billionaires are Quietly Piling Into. Disclosure: None. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
