
Multitude of ASUS routers compromised in intricate hacking operation

Uncovering connection between hacking group ViciousTrap and the exploitation of Cisco routers, as previously disclosed by researchers.

Massive Infiltration of ASUS Routers in Complicated Cyberattack

Researchers have disclosed a large and ongoing hacking campaign that has compromised more than 9,000 ASUS routers and a number of Cisco devices worldwide. The activity, made public in 2025, has been linked to the ViciousTrap threat actor[2][3][5].

**Compromised Devices**

The campaign has targeted more than 9,000 ASUS routers and a number of Cisco routers. These devices are internet-facing edge routers: they are reachable from anywhere, rarely monitored, and often run outdated firmware, which makes them attractive targets for large-scale compromise and botnet formation[1][2][5].

**Affected Vulnerabilities**

The attackers exploit CVE-2023-39780, a command injection vulnerability in ASUS routers that allows an attacker who can reach the administrative interface to execute arbitrary system commands. Initial access is obtained through brute-force login attempts and authentication bypass techniques; the command injection is then used to run commands on the device[2].

By chaining weak or bypassed authentication with command execution, the attackers take full control of the routers and can enrol them in a botnet or use them for other malicious purposes[2][3].

**Mitigation Strategies**

Researchers and cybersecurity experts recommend a full factory reset of affected routers, since this is the only reliable way to remove the changes an attacker has made to the device[4]. It is also critical to update router firmware to the latest version that patches known vulnerabilities, including CVE-2023-39780.

Network administrators should enforce stronger password policies to protect against brute-force login attempts. Monitoring for unusual network traffic and for signs of compromise on edge devices, such as administrative services that were never deliberately enabled, can help identify intrusions early. Disabling remote management interfaces (WAN-side web administration and SSH) when they are not required reduces exposure to external attacks.

GreyNoise, a threat intelligence platform, delayed public disclosure of the ASUS router hacking campaign at the request of government officials and industry partners. A Sekoia report links the ASUS router hacking campaign to a threat actor named ViciousTrap.

The hacking campaign may lead to the creation of a botnet. Sekoia researchers linked ViciousTrap to the exploitation of a vulnerability in the web management interface of Cisco Small Business routers, tracked as CVE-2023-20118.

The identity of the hackers behind the campaign is unknown, but their tactics are consistent with those of advanced persistent threat (APT) groups. It is important to note that a firmware update alone does not clean an already-compromised router: the patch closes the vulnerability, but the SSH access the attackers configured survives the update and remains a backdoor unless secure shell protocol access is explicitly disabled (or the device is factory reset).
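The two points above, that a firmware update leaves attacker-configured SSH access in place and that administrators should look for administrative services they never enabled, suggest a concrete post-update check. The following audit is an added example written for this page; it is not code from the article, from ASUS, or from the researchers cited. It assumes the router can export its settings as `key=value` lines (as `nvram show` does on ASUSWRT firmware) and that the relevant setting names are `sshd_enable`, `sshd_port`, `sshd_authkeys` and `misc_http_x`; those names, the `>` key separator and all sample dumps are assumptions or constructed data, so adapt them to the firmware you are auditing.

```python
"""Audit an ASUSWRT-style settings dump for a persisted SSH backdoor.

Added example, not code from the article or from ASUS/GreyNoise/Sekoia.
ASSUMED setting names (verify against your firmware before relying on them):
  sshd_enable    -> "1" when the SSH service is on
  sshd_port      -> TCP port sshd listens on
  sshd_authkeys  -> authorized public keys, separated by ">" or newlines
  misc_http_x    -> "1" when the web admin UI is reachable from the WAN
"""
import re

KEY_SSH_ENABLE = "sshd_enable"
KEY_SSH_PORT = "sshd_port"
KEY_SSH_AUTHKEYS = "sshd_authkeys"
KEY_REMOTE_WEB = "misc_http_x"


def parse_settings(dump: str) -> dict:
    """Parse `key=value` lines; blank or malformed lines are skipped, later duplicates win."""
    settings = {}
    for line in dump.splitlines():
        line = line.strip()
        if not line or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def key_fingerprint(pubkey: str) -> str:
    """Reduce an OpenSSH public key line to 'type base64' so the comment field is ignored."""
    parts = pubkey.split()
    return " ".join(parts[:2]) if len(parts) >= 2 else pubkey.strip()


def audit(settings: dict, known_keys, expected_port: int = 22) -> list:
    """Return (code, detail) findings in a fixed order; an empty list means nothing suspicious.

    Authorized keys are checked even when SSH is currently disabled, because an
    attacker-added key stays in the configuration and is live again the moment
    SSH is re-enabled.
    """
    findings = []
    known = {key_fingerprint(k) for k in known_keys}

    if settings.get(KEY_SSH_ENABLE, "0") != "0":
        findings.append(("ssh_enabled", "SSH service is enabled"))
        port = settings.get(KEY_SSH_PORT, "22")
        if port != str(expected_port):
            findings.append(("ssh_nonstandard_port",
                             f"sshd listens on {port}, expected {expected_port}"))

    for pubkey in re.split(r"[>\n]", settings.get(KEY_SSH_AUTHKEYS, "")):
        pubkey = pubkey.strip()
        if pubkey and key_fingerprint(pubkey) not in known:
            findings.append(("unknown_authorized_key", pubkey))

    if settings.get(KEY_REMOTE_WEB, "0") != "0":
        findings.append(("remote_web_admin", "web admin UI reachable from the WAN"))
    return findings


def audit_dump(dump: str, known_keys, expected_port: int = 22) -> list:
    return audit(parse_settings(dump), known_keys, expected_port)


# Keys the operator legitimately installed (constructed placeholder, not a real key).
KNOWN_KEYS = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDexample admin@ops"]

# Constructed dump of a router that was patched but never factory reset.
SAMPLE_COMPROMISED = """\
wan0_ipaddr=203.0.113.10
sshd_enable=1
sshd_port=55555
sshd_authkeys=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDexample admin@ops>ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFakeKeyForDemo unknown
misc_http_x=1
misc_httpport_x=8443
"""

# Constructed dump of a router with remote administration switched off.
SAMPLE_CLEAN = """\
wan0_ipaddr=203.0.113.11
sshd_enable=0
sshd_port=22
sshd_authkeys=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDexample admin@ops
misc_http_x=0
"""

if __name__ == "__main__":
    for name, dump in (("compromised", SAMPLE_COMPROMISED), ("clean", SAMPLE_CLEAN)):
        print(f"== {name} ==")
        for code, detail in audit_dump(dump, KNOWN_KEYS) or [("ok", "no findings")]:
            print(f"{code}: {detail}")
```

Run this against a settings export taken after the firmware update; any `unknown_authorized_key` or `ssh_nonstandard_port` finding on a device that was exposed to the campaign is a reason to factory reset rather than to simply delete the key, since the audit only covers the settings it knows about.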

In summary, the ViciousTrap-linked campaign is a sophisticated and sustained effort exploiting known router vulnerabilities and weak authentication to compromise thousands of ASUS and Cisco routers globally. Mitigation involves immediate firmware updates, factory resets, and stronger security practices to prevent further infections and botnet formation[1][2][3][4][5].

  1. The ViciousTrap-linked campaign, affecting over 9,000 ASUS routers and a number of Cisco devices, shows how exposed internet-facing network equipment is when it runs outdated firmware behind weak authentication.
  2. In the wake of the ASUS router hacking campaign, users and administrators should keep edge devices updated, enforce strong passwords, disable remote administration they do not need, and verify that an already-compromised device has actually been cleaned rather than merely patched.
