Asus Routers Hacked: How to Check for Breach and Secure Your Device
Over 9,000 routers targeted in advanced botnet campaign — here’s how to protect yourself
Asus Confirms Major Router Breach
Asus has confirmed that over 9,000 of its routers were hacked in a sophisticated cyberattack believed to be carried out by a “well-resourced and highly capable adversary.” Security firm GreyNoise, which discovered the breach on May 18, has warned that the attackers aim to build a botnet by compromising internet-exposed devices.
- The attackers gained unauthorized access through remote services like SSH, which many users unknowingly leave enabled.
- Asus states that the security flaw can be fixed, but it requires immediate user action.
How to Check if Your Asus Router Is Compromised
If you own an Asus router, follow these steps to determine if your device has been breached:
- Log into the router’s admin interface (typically through a browser using
192.168.1.1or similar). - Navigate to “Enable SSH” (commonly under Service or Administration settings).
- Check if port 53282 is enabled with a suspicious SSH public key beginning with
ssh-rsa AAAAB3NzaC1yc2E....
If this key is present or SSH is inexplicably enabled, your router may have been accessed by attackers.
What To Do If Your Router Is Affected
To neutralize the breach and secure your router:
- Perform a factory reset immediately: This is necessary because the malware survives both reboots and firmware updates.
- Update to the latest firmware version after the reset.
- Create a strong administrator password: At least 10 characters, using uppercase, lowercase, numbers, and symbols.
- Remove or disable the SSH entry if visible.
- Block these IP addresses associated with the attack:
101.99.91.151101.99.94.17379.141.163.179111.90.146.237
Recommendations for Older or End-of-Life Asus Routers
If you own an older Asus model that no longer receives firmware updates, Asus advises:
- Install the last available firmware update.
- Disable all remote access services like SSH, DDNS, AiCloud, and Web Access from WAN.
- Use a strong password to minimize future risk.
Importance of Regular Firmware Updates
Asus fixed the CVE-2023-39780 vulnerability with a recent firmware update. Security analysts emphasize the importance of keeping your router’s firmware updated—just like your phone or computer.
- “Check for updates periodically across all internet-connected devices in your home,” says PCMag security analyst Kim Key.
- Treat your router as the first line of defense in your home network and keep it secure year-round.
This breach is a reminder that even mainstream consumer routers are not immune to state-level or advanced persistent threat actors. If you own an Asus router, especially one with exposed remote access features, it’s crucial to take immediate action—or risk being pulled into a global botnet.
