Thousands of Asus Routers Have Been Hijacked, But I Wouldn’t Panic Just Yet


Your home Wi-Fi router could be hacked, according to a new blog post from cybersecurity firm GreyNoise.

As of Tuesday, more than 9,000 Asus routers were confirmed compromised in what the company described as an “ongoing operating campaign”.

GreyNoise has been tracking the attack since March 17. Since then, it has seen only 30 requests related to the attack, which shows how quietly the campaign is operating. The attackers also gained “constant control of the affected devices” that survives restarts and firmware updates.

Although that sounds alarming, you probably don’t need to change your router yet. Your personal information is not the target in attacks like this. Instead, the attacker uses your router as a pawn in a larger game played with infected devices.

“Devices like these, smart cameras or a router, have enough computing power that you can use tens of thousands of them,” Yuvraj Agarwal told CNET.

He compared this to the Mirai botnet attack of 2016, which took down websites such as Twitter, Netflix, Reddit and Pinterest.

“This isn’t trying to compromise your laptop or iPhone, is it? That’s not what this is. Users would have to ignore several different warnings to be vulnerable to someone stealing their credentials.”

GreyNoise did not know exactly where the attack came from, but said the “tradecraft suggests a well-resourced and highly skilled adversary.”

The Cybersecurity and Infrastructure Security Agency has named China, Russia, North Korea and Iran as the likely actors in similar attacks in the past. Few Wi-Fi routers are immune to such breaches. CISA keeps a list of Known Exploited Vulnerabilities that have been observed in the wild, and almost every router manufacturer appears there.

“We find things in everything,” Thomas Pace, CEO of cybersecurity company NetRise and a former security contractor for the Department of Energy, said in a previous interview.

“The problem with the CISA KEV [list] is, if everything is on the list, how good is that list?” Pace said. “Basically, every telecommunications device on the planet has at least one vulnerability on the CISA KEV.”

Although it first observed the attack in March, GreyNoise said it waited until now to go public so it could work with government and industry partners.

A representative for Asus declined CNET’s request to comment on this story and referred me to its Product Security Advisory page for the latest updates.

What to do if you own an Asus router

In many attacks, the router manufacturer can provide a firmware update that patches the vulnerability. In this case, however, the attackers exploited a security flaw that lets them keep their backdoor even after restarts and firmware updates.

“Because this key is added using the official Asus features, this configuration change persists across firmware updates,” GreyNoise noted in another post. “If you have been exploited previously, upgrading your firmware will not remove the SSH backdoor.”

The steps needed to find out whether your router is compromised, and potentially to fix it, are quite technical, so bear with me.

  1. Log in to your router’s firmware. You can do this through the Asus app or by going to http://www.asusrouter.com.
  2. Find the “SSH” option under the service or management settings.
  3. If your router was compromised in this campaign, these settings will show that someone can access it over SSH on port 53282 with an SSH public key.

If your router is infected, your next step should be to update the firmware immediately. Asus fixed the flaw in its latest update.

If your router has been compromised, the backdoor will still be there even if you update the firmware. In that case, you should follow these steps to prevent unauthorized access:

  1. Disable SSH in the service or management settings.
  2. Block these four IP addresses: 101.99.91.151, 101.99.94.173, 79.141.163.179 and 111.90.146.237.
  3. Restore the router to factory settings.
  4. Update to the latest firmware.
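
The check and the blocklist above can also be scripted. The following is an added example, not code from CNET, GreyNoise or Asus: it tests whether an SSH server answers on port 53282 of your own router and scans log lines for the four listed addresses. The router address 192.168.1.1, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
import socket

BACKDOOR_PORT = 53282  # SSH port named in the article
BLOCKED_IPS = {"101.99.91.151", "101.99.94.173",
               "79.141.163.179", "111.90.146.237"}  # the four IPs listed above

# Constructed sample lines in an iptables-style format (not real traffic).
SAMPLE_LOG = [
    "kernel: ACCEPT IN=eth0 SRC=79.141.163.179 DST=192.0.2.10 PROTO=TCP DPT=53282",
    "kernel: ACCEPT IN=eth0 SRC=179.141.163.179 DST=192.0.2.10 PROTO=TCP DPT=443",
    "kernel: DROP IN=eth0 SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP DPT=22",
]


def ssh_listening(host, port=BACKDOOR_PORT, timeout=3.0):
    """Return the SSH banner if an SSH server answers on host:port, else None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            banner = sock.recv(256).decode("ascii", "replace").strip()
    except OSError:  # refused, filtered, timed out or unreachable
        return None
    return banner if banner.startswith("SSH-") else None


def flagged_lines(log_lines):
    """Return the lines that contain one of BLOCKED_IPS as a whole address."""
    hits = []
    for line in log_lines:
        # Split on anything that is not a digit or dot, so 179.141.163.179
        # is not mistaken for 79.141.163.179 by a substring match.
        tokens = {t.strip(".") for t in re.split(r"[^0-9.]+", line)}
        if tokens & BLOCKED_IPS:
            hits.append(line)
    return hits


if __name__ == "__main__":
    router = "192.168.1.1"  # assumption: your router's LAN address
    banner = ssh_listening(router)
    print(f"{router}:{BACKDOOR_PORT}",
          f"answers as SSH ({banner})" if banner else "no SSH listener found")
    for hit in flagged_lines(SAMPLE_LOG):
        print("blocklisted address in log:", hit)
```

A silent port seen from the LAN is not proof of a clean router, so still check the SSH settings page as described in the steps above.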




