Botnet compromises over 9,000 ASUS routers

G225 code IRSGE Posts: 6,409 ✭✭
edited May 28 in Break Room

A botnet called AyySSHush has infected more than 9,000 ASUS routers, as well as Cisco, D-Link, and Linksys devices. This stealthy attack was discovered in March 2025 and appears to be linked to a sophisticated threat actor.

They exploit multiple security flaws, including CVE-2023-39780, to inject an SSH key that grants them persistent access even after a reboot or firmware update. They also disable logs and Trend Micro AiProtection to avoid detection.

Update your router firmware immediately.
Check for suspicious files and unauthorized SSH keys.
Block these IP addresses linked to the attack:
• 101.99.91[.]151
• 101.99.94[.]173
• 79.141.163[.]179
• 111.90.146[.]237

Perform a full reset if you suspect your router has been compromised.

ASUS RT-AC3100, RT-AC3200, and RT-AX55

Source: here
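
One way to run the key and IP checks listed in the post from a workstation, as an added example that is not part of the original post: it audits an exported `authorized_keys` file against the keys you approved and searches log lines for the four listed addresses. The function names, key blobs and log format are constructed assumptions.

```python
import ipaddress
import re

# Indicators exactly as listed in the post (defanged).
POSTED_IOCS = ["101.99.91[.]151", "101.99.94[.]173",
               "79.141.163[.]179", "111.90.146[.]237"]
IOC_SET = {ipaddress.ip_address(i.replace("[.]", ".")) for i in POSTED_IOCS}
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")

def unknown_keys(authorized_keys_text, approved_blobs):
    """Return (line_no, key_type, comment) for each key not in approved_blobs."""
    findings = []
    for n, line in enumerate(authorized_keys_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type, so locate the type field first.
        idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_TYPES)), None)
        if idx is None or idx + 1 >= len(fields):
            findings.append((n, "unparseable", line.strip()[:40]))
        elif fields[idx + 1] not in approved_blobs:
            findings.append((n, fields[idx], " ".join(fields[idx + 2:])))
    return findings

def ioc_hits(log_lines):
    """Return (ip, line) for each log line that mentions a posted indicator."""
    hits = []
    for line in log_lines:
        for token in IPV4.findall(line):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:  # not a valid IPv4 address, e.g. 999.1.1.1
                continue
            if ip in IOC_SET:
                hits.append((str(ip), line))
    return hits

# Constructed sample data: the key blobs and log format are placeholders.
APPROVED = {"AAAAC3constructedAdminKey"}
SAMPLE_KEYS = """# exported from router
ssh-ed25519 AAAAC3constructedAdminKey admin@laptop
ssh-rsa AAAAB3constructedUnknownKey
"""
SAMPLE_LOG = [
    "May 28 10:00:01 fw: ACCEPT SRC=192.168.1.10 DST=192.168.1.1 DPT=22",
    "May 28 10:02:13 fw: ACCEPT SRC=%s DST=192.168.1.1 DPT=22"
    % POSTED_IOCS[0].replace("[.]", "."),
]

if __name__ == "__main__":
    print(unknown_keys(SAMPLE_KEYS, APPROVED))
    print(ioc_hits(SAMPLE_LOG))
```

Any key reported by `unknown_keys` that you did not add yourself is a reason to follow the post's advice and perform a full reset.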
