ASUS Router Botnet: Thousands Compromised, Firmware Updates No Fix

Security researchers have identified a widespread attack on thousands of ASUS wireless routers, which has also affected Cisco, D-Link, and Linksys devices. The attackers gained unauthorized access to the routers by exploiting a known vulnerability, allowing them to maintain control even after firmware updates.

The exploit survives reboots and firmware updates, making it difficult for users to remove the malware. The attackers used legitimate configuration features to establish persistent access to the affected devices. It is believed that a nation-state actor may be behind the attack, with plans to use the compromised routers for large-scale exploitation.

Affected ASUS routers include the RT-AC3100, RT-AC3200, and RT-AX55. If a router has already been compromised, updating the firmware is no longer enough, because the attacker retains backdoor access. The exploit also disables logging, which makes a compromise hard to detect.

To mitigate the risk, users of affected ASUS models are advised to perform a factory reset and then update the firmware. Although updating alone won’t remove the infection, updating after a full reset will prevent re-infection. Users of other brands, such as Cisco, D-Link, and Linksys, do not need to take action at this time.

For more information on the attack, visit GreyNoise.

Source: https://9to5mac.com/2025/05/29/psa-thousands-of-asus-wireless-routers-compromised-by-botnet