ASUS Router Backdoors Affect 9,000 Devices, Persists After Firmware Updates
- News link: https://it.slashdot.org/story/25/05/29/2052229/asus-router-backdoors-affect-9000-devices-persists-after-firmware-updates
> Thousands of ASUS routers have been [1]compromised with malware-free backdoors in an ongoing campaign to potentially build a future botnet, GreyNoise [2]reported Wednesday. The threat actors abuse security vulnerabilities and legitimate router features to establish persistent access without the use of malware, and these backdoors survive both reboots and firmware updates, making them difficult to remove.
>
> The attacks, which researchers suspect are conducted by highly sophisticated threat actors, were first detected by GreyNoise's AI-powered Sift tool in mid-March and disclosed Thursday after coordination with government officials and industry partners. Sekoia.io also reported the compromise of thousands of ASUS routers in their [3]investigation of a broader campaign, dubbed ViciousTrap, in which edge devices from other brands were also compromised to create a honeypot network. Sekoia.io found that the ASUS routers were not used to create honeypots, and that the threat actors gained SSH access using the same port, TCP/53282, identified by GreyNoise in their report.
The backdoor campaign affects multiple ASUS router models, including the RT-AC3200, RT-AC3100, GT-AC2900, and Lyra Mini.
GreyNoise advises users to perform a full factory reset and manually reconfigure any potentially compromised device. To identify a breach, users should check for SSH access on TCP port 53282 and inspect the authorized_keys file for unauthorized entries.
[1] https://www.scworld.com/news/asus-router-backdoors-affect-9k-devices-persist-after-firmware-updates
[2] https://www.greynoise.io/blog/stealthy-backdoor-campaign-affecting-asus-routers
[3] https://blog.sekoia.io/vicioustrap-infiltrate-control-lure-turning-edge-devices-into-honeypots-en-masse/
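An added audit helper for the two checks the summary recommends; this is not GreyNoise's tooling or code from the article. It parses a constructed netstat-style listener table for a TCP/53282 listener and compares constructed authorized_keys entries against an operator-supplied allowlist of known key blobs; the key values and hostnames are placeholders.

```python
"""Check a router for the two indicators named in the advisory:
an SSH listener on TCP/53282 and unexpected authorized_keys entries.
Added example; inputs below are constructed, not captured from a device."""

SUSPECT_PORT = 53282

# Constructed sample of a `netstat -tln`-style listener table.
SAMPLE_LISTENERS = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:53282           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:22            0.0.0.0:*               LISTEN
"""

# Constructed authorized_keys: one key the operator installed, one they did not.
SAMPLE_AUTHORIZED_KEYS = """\
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEADMINKEY admin@home
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEXAMPLEUNKNOWN
"""

# Placeholder allowlist: key blobs the operator knows they installed.
KNOWN_KEYS = {"AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEADMINKEY"}


def listening_ports(netstat_text):
    """Return the set of local TCP ports in LISTEN state."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[-1] == "LISTEN":
            ports.add(int(f[3].rsplit(":", 1)[1]))
    return ports


def unknown_keys(authorized_keys_text, known):
    """Return key blobs in authorized_keys that are not on the allowlist."""
    unknown = []
    for line in authorized_keys_text.splitlines():
        f = line.strip().split()
        if not f or f[0].startswith("#"):
            continue
        # The key type may be preceded by an options field (e.g. from="...").
        idx = next((i for i, t in enumerate(f) if t.startswith(("ssh-", "ecdsa-"))), None)
        if idx is not None and idx + 1 < len(f) and f[idx + 1] not in known:
            unknown.append(f[idx + 1])
    return unknown


def audit(netstat_text, authorized_keys_text, known):
    """Combine both checks into a list of human-readable findings."""
    findings = []
    if SUSPECT_PORT in listening_ports(netstat_text):
        findings.append(f"ssh listener on tcp/{SUSPECT_PORT}")
    findings += [f"unknown authorized key: {b[:20]}..." for b in unknown_keys(authorized_keys_text, known)]
    return findings
```

On a real device, feed it the output of `netstat -tln` and the contents of the router's authorized_keys file; an empty findings list is the expected healthy result.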
Can we really trust this? (Score:2)
I mean sure, it claims they are using an AI-powered tool, but if it isn't *agentic* is it really suitable for anything?
Re: (Score:2)
This is the kind of thing that folks can check after the AI has spotted it. An *extremely* good use case.
OpenWRT (Score:1)
'nuff said.
Re: (Score:1)
[1]https://openwrt.org/supported_... [openwrt.org]
maybe i'm just bad at the documentation but it doesn't seem like that many asus routers are supported so nice try?
[1] https://openwrt.org/supported_devices
Re: (Score:1)
actually the RT-AC3100 and RT-AC3200 mentioned do seem to be on the supported list but almost every Asus router i've seen personally is not on there.
Never Enable WAN Access (Score:3)
The original announcement isn't clear, but based on the relatively low number of affected devices (there must be hundreds of thousands of these routers in use), it seems that only "savvy" users who enabled forms-based logins on the WAN port may have been affected.
Installing a private key and enabling SSH on a non-default port (as the attackers did) is likely much more secure, if the device absolutely must be accessible, or enabling the VPN -- again with public/private key pairs.
Vegeta? (Score:2)
What does the scouter say?
Van on fire (Score:2, Funny)
Put the leaders of ASUS in a van in their parking lot. Set it on fire.
Re: Van on fire (Score:2)
It might solve the problem that ASUS is generally shit now. Their hardware has been having more and more problems and they now have some of the worst support in the industry.
Re: (Score:2)
The goal would be to make the leaders care about security issues in the first place.
Right now, they can choose to spend less on engineering and then give the money saved to themselves to buy a bigger super yacht. The consequences of only using the cheapest possible labor and cutting every possible corner are that their routers get hacked easily. But this doesn't hurt the CEO in any way. They keep their super yacht. So why shouldn't they do it?
Re: (Score:2)
The threat of immolation might.
Re: (Score:2)
It will if you throw the router in the van too.
Re: (Score:2)
> arson and murder isn't going to solve security issues in routers
* opens van cargo door *
"Shit sorry, almost forgot these."
* tosses in a few thousand ASUS compromised routers *
Now all we're missing, is the marshmallows.
Re: (Score:2)
arson and murder isn't going to solve security issues in routers
(needs citation)
Re: (Score:2)
Are you sure? Doing only half of that to just one CEO was apparently enough for them to start easing up on the profit > human lives pedal. I mean, till their shareholders sued them for being too humane, that is. Not that anybody should ever do that, of course. You're absolutely right on that point.