### ASUS Wireless Routers Breached
Countless ASUS wireless routers have been breached by a botnet that has also targeted Cisco, D-Link, and Linksys products. The infection technique permits attackers to keep control over the routers even after firmware upgrades.
Security analysts at [GreyNoise](https://www.greynoise.io/blog/stealthy-backdoor-campaign-affecting-asus-routers) first detected the activity in March but delayed public disclosure to give the industry time to coordinate a response.
> GreyNoise has detected an ongoing exploitation effort whereby attackers have secured unauthorized, ongoing access to numerous ASUS routers connected to the internet. This seems to be part of a covert initiative to form a distributed network of compromised devices — possibly establishing the foundation for a future botnet.
The attackers’ access persists through reboots and firmware updates, giving them sustained control over the compromised devices. They accomplish this by chaining authentication bypasses, exploiting known vulnerabilities, and abusing legitimate configuration options without leaving clear evidence.
It is suspected that a nation-state might be behind the assault, aiming to utilize the compromised routers for extensive exploits. Affected ASUS router models include the RT-AC3100, RT-AC3200, and RT-AX55.
Once a router is compromised, updating the firmware does not help. According to [Bleeping Computer](https://www.bleepingcomputer.com/news/security/botnet-hacks-9-000-plus-asus-routers-to-add-persistent-ssh-backdoor/), the configuration changes let threat actors keep backdoor access across reboots and firmware updates.
> “Since this key is introduced using the official ASUS features, this configuration change is retained across firmware upgrades,” clarifies another related report from GreyNoise. “If you’ve previously been targeted, upgrading your firmware will NOT eliminate the SSH backdoor.”
The exploit additionally disables logging, hindering efforts to ascertain whether a router has been compromised.
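Because the backdoor lives in the router's saved SSH settings rather than in the firmware, and logs may be unavailable, the settings themselves are what a defender can inspect. The sketch below is an added example, not code from GreyNoise or ASUS: it audits a `key=value` settings export and flags SSH exposure plus any authorized key that is not on the operator's own allowlist. The setting names (`sshd_enable`, `sshd_port`, `sshd_authkeys`), the `>` key separator, the port and the sample keys are assumptions constructed for illustration.

```python
import base64
import hashlib

# Assumed setting names and ">" key separator; adjust to your router's export.
SSH_ENABLE, SSH_PORT, SSH_KEYS, KEY_SEP = "sshd_enable", "sshd_port", "sshd_authkeys", ">"

def parse_settings(dump):
    """Parse 'key=value' lines into a dict, skipping blank or malformed lines."""
    settings = {}
    for line in dump.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip():
            settings[key.strip()] = value.strip()
    return settings

def key_fingerprint(pubkey_line):
    """OpenSSH-style SHA256 fingerprint of one authorized-key entry, or None."""
    for field in pubkey_line.split():
        if field.startswith("AAAA"):  # base64 of the 4-byte length prefix
            try:
                blob = base64.b64decode(field, validate=True)
            except ValueError:
                return None
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return None

def audit(dump, trusted_fingerprints, expected_port="22"):
    """Return findings for SSH exposure and keys outside the operator's allowlist."""
    cfg, findings = parse_settings(dump), []
    if cfg.get(SSH_ENABLE, "0") != "0":
        findings.append("ssh-enabled")
        port = cfg.get(SSH_PORT, expected_port)
        if port != expected_port:
            findings.append("ssh-port-unexpected:" + port)
    # Check keys even when SSH is off: the stored key survives firmware updates.
    for entry in filter(None, (e.strip() for e in cfg.get(SSH_KEYS, "").split(KEY_SEP))):
        fp = key_fingerprint(entry)
        if fp is None:
            findings.append("unparseable-key")
        elif fp not in trusted_fingerprints:
            findings.append("untrusted-key:" + fp)
    return findings

def sample_key(label):
    """Constructed, non-functional key entry: type header plus 32 filler bytes."""
    blob = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + hashlib.sha256(label.encode()).digest()
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + label

ADMIN_KEY, UNKNOWN_KEY = sample_key("admin@laptop"), sample_key("unknown")
SAMPLE_DUMP = "sshd_enable=1\nsshd_port=50022\nsshd_authkeys=" + ADMIN_KEY + KEY_SEP + UNKNOWN_KEY

if __name__ == "__main__":
    print(audit(SAMPLE_DUMP, {key_fingerprint(ADMIN_KEY)}))
```

Any `untrusted-key` finding on a device where you did not add that key yourself is a reason to factory reset rather than only update.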
### Recommended Actions
If you own one of the impacted ASUS models, it is advisable to factory reset your router to ensure it is clean. After resetting, carry out a firmware update. Although an update by itself will not eradicate the infection, updating after a complete reset will assist in preventing future breaches.
At present, there are no reports of successful breaches impacting the other brands specified, so no urgent action is needed for those devices.
For additional information, visit [GreyNoise](https://www.greynoise.io/blog/stealthy-backdoor-campaign-affecting-asus-routers).