Asus routers have been found vulnerable to a sophisticated backdoor attack that can survive reboots and firmware updates, allowing hackers to maintain long-term access to the devices. The attack, attributed to a nation-state or well-resourced threat actor, exploits previously patched vulnerabilities to gain unauthorized control of the devices.
Once inside, the attackers install public encryption keys for remote access via SSH, enabling anyone with the private key to log in with administrative system rights. This “durable control” allows the hackers to maintain access without leaving obvious traces or deploying malware.
Researchers from security firm GreyNoise have tracked over 9,000 affected devices worldwide, with the number continuing to grow. The company believes this is an early stage of a larger campaign by the threat actor to amass compromised devices for future use.
Source: https://arstechnica.com/security/2025/05/thousands-of-asus-routers-are-being-hit-with-stealthy-persistent-backdoors