The network equipment that you connect your computer to is, of course, also made up of computers—and they’re more complex than you might think. In fact, they’re sophisticated enough to run their own custom software… and that means they can be hacked and commandeered to do some shady things. According to a new report, approximately 9,000 Asus-branded network routers were turned into a botnet.
Security vendor GreyNoise discovered the botnet, which they say comes from “a well-resourced and highly capable adversary” (i.e., a team from, or financed by, a nation-state level actor). Routers are infected using a command injection flaw, which then enables SSH access on a custom port for remote control. Hackers brute-force logins and bypass authentication with two different techniques. According to BleepingComputer, the affected Asus routers include popular models like the RT-AC3100, RT-AC3200, and RT-AX55.
The routers compromised by this attack stay infected even after a reboot or a firmware update, thanks to configurations stored in non-volatile memory. So if you get infected, you’ll have to perform a complete factory reset of your hardware and reconfigure it manually. You can tell if you’re compromised by detecting activity from at least four specific IP addresses and access through the TCP/53282 port… though now that these addresses and port are known, the hackers might shift things around.
Fortunately, it’s possible to protect yourself if you have a vulnerable router that hasn’t yet been infected. You can update your Asus router to the latest firmware from or after May 27th, 2025.
Again, if your router is already compromised, then updating your router firmware WILL NOT STOP THE HACKERS on its own! You’ve got to completely factory reset your router and reconfigure it.
The network equipment that you connect your computer to is, of course, also made up of computers—and they’re more complex than you might think. In fact, they’re sophisticated enough to run their own custom software… and that means they can be hacked and commandeered to do some shady things. According to a new report, approximately 9,000 Asus-branded network routers were turned into a botnet.
Security vendor GreyNoise discovered the botnet, which they say comes from “a well-resourced and highly capable adversary” (i.e., a team from, or financed by, a nation-state level actor). Routers are infected using a command injection flaw, which then enables SSH access on a custom port for remote control. Hackers brute-force logins and bypass authentication with two different techniques. According to BleepingComputer, the affected Asus routers include popular models like the RT-AC3100, RT-AC3200, and RT-AX55.
The routers compromised by this attack stay infected even after a reboot or a firmware update, thanks to configurations stored in non-volatile memory. So if you get infected, you’ll have to perform a complete factory reset of your hardware and reconfigure it manually. You can tell if you’re compromised by detecting activity from at least four specific IP addresses and access through the TCP/53282 port… though now that these addresses and port are known, the hackers might shift things around.
Fortunately, it’s possible to protect yourself if you have a vulnerable router that hasn’t yet been infected. You can update your Asus router to the latest firmware from or after May 27th, 2025.
Again, if your router is already compromised, then updating your router firmware WILL NOT STOP THE HACKERS on its own! You’ve got to completely factory reset your router and reconfigure it. Networking, Security Software and Services PCWorld
