Asus Routers Hacked in 'WrtHug' Campaign
bankinfosecurityResearchers Suspect a Chinese ROB-Building Operation David Perera (@daveperera) , Greg Sirico • November 19, 2025
Suspected Chinese cyberespionage hackers have commandeered tens of thousands of Asus routers in an operation showing a heavy emphasis on infecting devices stationed in Taiwan, say researchers. The campaign tracks with reports that Beijing is actively pressing unpatched routers and Internet of Things devices into networks known as operational relay boxes.
See Also: Gartner Report | Magic Quadrant for SD-WAN
Researchers from SecurityScorecard said they've tracked for months a campaign they dub "WrtHug." Compromised devices have in common a self-signed TLS certificate with an expiration date set for the year 2122. Routers often use self-signed certificates to enable encrypted transmission to services - in this case, a service called AiCloud for sharing locally-stored files over the internet. Asus routers typically generate certificates that last only a decade.
A hunt for the telltale certificate led researchers ...
Copyright of this story solely belongs to bankinfosecurity . To see the full text click HERE