GreyNoise found hackers attacking thousands of ASUS routers during March 2025. Criminals guess weak passwords and exploit firmware bugs to control the devices. They plant SSH keys inside router memory that survives restarts and updates. The backdoor stays active even after users install new firmware. Attackers turn off logging features to hide their activities from router owners.
Security experts counted over 9,000 infected routers across the globe. Users can test their devices for problems on TCP port 53282. Infected routers accept connections through this unusual port without proper keys. Factory resets clear the malicious code from device memory completely. People must reconfigure all settings and passwords after wiping their routers clean.
ASUS learned about the attacks from GreyNoise researchers immediately. The company contacted government security agencies before making the problem public. Strong passwords protect routers from initial break-ins attempts. Regular firmware updates patch known security holes that criminals exploit. Network administrators should disable remote SSH access unless absolutely required for business operations.
Security experts counted over 9,000 infected routers across the globe. Users can test their devices for problems on TCP port 53282. Infected routers accept connections through this unusual port without proper keys. Factory resets clear the malicious code from device memory completely. People must reconfigure all settings and passwords after wiping their routers clean.
ASUS learned about the attacks from GreyNoise researchers immediately. The company contacted government security agencies before making the problem public. Strong passwords protect routers from initial break-ins attempts. Regular firmware updates patch known security holes that criminals exploit. Network administrators should disable remote SSH access unless absolutely required for business operations.
