Thousands of ASUS Routers Hijacked in Stealthy Backdoor Campaign

Description

A sophisticated hacking campaign has compromised approximately 9000 ASUS routers, creating persistent backdoors that survive firmware updates and reboots. The attackers utilize the routers' legitimate features to maintain long-term access without dropping malware or leaving traces. This operation appears to be assembling a distributed network of backdoor devices, potentially for a future botnet. The intrusion chain involves brute-force login attempts, exploitation of zero-day vulnerabilities, and the use of CVE-2023-39780. The attackers employ stealthy techniques such as enabling SSH access on a custom port, inserting attacker-controlled public keys, and disabling router logging. The campaign's sophistication suggests a formidable and well-funded adversary, possibly associated with Chinese-sponsored hackers.