Asus routers across the globe hit by suspected Chinese cyberattack - here's what we know
techradar.com
- Thousands of end-of-life ASUS routers hijacked into “Operation WrtHug” cyber-espionage botnet
- Chinese state-sponsored actors exploit multiple n-day flaws, using 100-year TLS certificates
- Compromised routers form relay network, mostly in Taiwan and Southeast Asia
Thousands of end-of-life ASUS routers are being hijacked and assimilated into a botnet used as infrastructure for cyber-espionage operations, experts have warned.
Security researchers at SecurityScorecard, together with ASUS, discovered and reported the malicious campaign, claiming that a group of Chinese state-sponsored threat actors has been leveraging multiple vulnerabilities in a number of ASUS routers to deploy a unique, self-signed certificate.
The vulnerabilities being abused include CVE-2023-41345, CVE-2023-41346, CVE-2023-41347, CVE-2023-41348, CVE-2024-12912, and CVE-2025-2492. These are all n-day flaws, meaning they are already publicly known and have been around for a relatively long time. However, since the targeted endpoints have reached their end-of-life, most never received the update, or simply weren’t patched by their users.

