Over 50,000 Asus Routers Hacked in ‘Operation WrtHug’
securityweek

A Chinese threat actor is exploiting known vulnerabilities in discontinued Asus devices in an Operational Relay Box (ORB) facilitation campaign.


A Chinese state-sponsored threat actor has compromised tens of thousands of Asus routers to establish a persistent network in support of global espionage campaigns, SecurityScorecard reports.
As part of the apparent Operational Relay Box (ORB) facilitation campaign, dubbed Operation WrtHug (PDF), the hackers exploited known vulnerabilities to compromise the routers’ AiCloud service, which enables users to access local storage from the internet.
The exploited bugs include CVE-2023-41345, CVE-2023-41346, CVE-2023-41347, CVE-2023-41348, and CVE-2023-39780 (CVSS score of 8.8), which are high-severity command injection issues rooted in the insufficient filtering of special characters.
Additionally, the threat actor was seen exploiting two AiCloud service bugs, namely CVE-2024-12912, a high-severity command execution defect, and CVE-2025-2492, a critical-severity improper authentication control flaw.
On all compromised devices, mostly discontinued models, the hackers installed a shared, self-signed ...
Copyright of this story solely belongs to securityweek.

