ASUS Routers Hit By Stealthy Backdoor Botnet Attack That Evades Firmware Upgrades

Heads up if you have an Asus router in your home or office, as there's a backdoor exploit doing the rounds affecting 9,000 devices and counting. This event came to light by way of the security firm GreyNoise and its Sift AI tool that spotted some odd-looking traffic and flagged it for a closer look.

The page describing the exploit doesn't mention specific ASUS router models, we're guessing because the initial means to install the backdoor is to gain access to the router by using commonly used brute-force login attempts and authentication bypasses. Once the attackers have gained a measure of access, they exploit CVE-2023-39780 to be able to run system commands, and then proceed to disable logging and configure a remote access service (SSH) on port 53282, with their own key.

This latter configuration is done using the standard configuration tools present in most any ...