Asus Router Hacked by Highly Capable Adversary, What to Do Next

A recent report from security firm GreyNoise reveals that around 9,000 Asus routers have been hacked by an unknown “well-resourced and highly capable adversary”. The attack, which started on May 18, aimed to create a botnet by gaining unauthorized access to exposed internet-connected routers.

GreyNoise discovered the issue after reporting its findings to the government and industry partners. The threat actor exploited vulnerabilities in Asus routers, allowing them to assemble a distributed network of compromised devices.

If you own an Asus router, there’s a simple way to check whether your device has been accessed. Log in to the router’s firmware and look for the “Enable SSH” option in settings. If your router has been hacked, the settings may show unauthorized SSH access enabled on port 53282 with a specific public key.
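As an added example (not from GreyNoise, Asus or the original article), this script checks from your own network whether anything answers as an SSH server on port 53282 of your router. The address 192.168.1.1 is an assumed default, so pass your router's real address as the first argument.

```python
import socket
import sys

BACKDOOR_PORT = 53282  # SSH port named in the report summarised above


def probe_ssh(host, port=BACKDOOR_PORT, timeout=3.0):
    """Return the SSH identification line if an SSH server answers, else None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            data = b""
            # An SSH server announces itself first with a line starting "SSH-",
            # so we only read and never send anything to the device.
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError:
        # Refused, filtered, unreachable or timed out: nothing answered.
        return None
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    return line if line.startswith("SSH-") else None


def assess(host, port=BACKDOOR_PORT, timeout=3.0):
    """Turn the probe result into a one-line verdict for the router owner."""
    banner = probe_ssh(host, port, timeout)
    if banner is None:
        return (f"{host}:{port} no SSH service answered; "
                "still review the Enable SSH setting")
    return (f"{host}:{port} SSH service answered ({banner}); "
            "treat the router as accessed")


if __name__ == "__main__":
    # Assumed default LAN address; override on the command line.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    print(assess(target))
```

A silent port does not clear the device, because the service may not be reachable from where you run the check; the settings page remains the authoritative place to look.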

To secure your device, experts advise performing a factory reset. This defeats the attack’s persistence mechanism, which otherwise survives reboots and firmware updates. Asus also recommends removing or disabling the SSH entry and blocking four IP addresses associated with the attack.

Even if your router hasn’t been accessed, update its firmware to prevent future issues. Asus has already fixed the CVE-2023-39780 flaw in its latest firmware update, and keeping firmware up to date is recommended for all internet-connected devices in your home.

Source: https://uk.pcmag.com/wireless-routers/158320/cybercriminals-hack-asus-routers-heres-how-to-check-if-they-got-into-yours