Thousands of home and small office routers manufactured by Asus
are being infected with a stealthy backdoor that can survive reboots and firmware updates
in an attack by a nation-state or another well-resourced threat actor, researchers said.
The unknown attackers gain access to the devices by exploiting now-patched vulnerabilities,
some of which have never been tracked through the internationally recognized CVE system.
After gaining unauthorized administrative control of the devices, the threat actor installs a public encryption key for access to the device through SSH.
From then on, anyone with the private key can automatically log in to the device with administrative system rights.
https://arstechnica.com/security/2025/05/thousands-of-asus-routers-are-being-hit-with-stealthy-persistent-backdoors/
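
Because the persistence described above is an added SSH public key, one defensive check is to compare every key a device trusts against the fingerprints the administrator knowingly installed. The following is an added example, not code from the article or from Asus; it assumes the device's authorized-keys content has been exported as text, the function names are hypothetical, and the sample keys are constructed.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def ssh_string(data: bytes) -> bytes:  # SSH wire format: uint32 length + bytes
    return struct.pack(">I", len(data)) + data

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint (unpadded base64 of the digest)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_entry(line: str):
    """Return (key_type, blob, comment), or None if no valid key is found."""
    fields = line.split()
    for i in range(len(fields) - 1):
        if fields[i] not in KEY_TYPES:
            continue  # still inside the optional leading options field
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        # The blob repeats the key type; a mismatch means a mangled entry.
        if blob.startswith(ssh_string(fields[i].encode())):
            return fields[i], blob, " ".join(fields[i + 2:])
    return None

def audit(text: str, approved: set):
    """List (line_no, fingerprint_or_reason, comment) for entries not approved."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        entry = parse_entry(line)
        if entry is None:
            findings.append((no, "UNPARSEABLE", line.strip()))
        elif fingerprint(entry[1]) not in approved:
            findings.append((no, fingerprint(entry[1]), entry[2]))
    return findings

# Constructed sample data: two synthetic ed25519 blobs, not real keys.
ADMIN = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
EXTRA = ssh_string(b"ssh-ed25519") + ssh_string(b"\xaa" * 32)
SAMPLE = "\n".join([
    "# constructed authorized_keys file",
    "ssh-ed25519 " + base64.b64encode(ADMIN).decode() + " admin@laptop",
    'no-pty,command="/bin/true" ssh-ed25519 ' + base64.b64encode(EXTRA).decode() + " unlabelled",
    "ssh-rsa not*base64 broken"])
```

Calling `audit(SAMPLE, {fingerprint(ADMIN)})` reports the unapproved key on line 3 and the unparseable entry on line 4; any finding on a real device is a key to investigate and remove.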