According to researchers, thousands of Asus routers have been hacked and are under the control of a suspected Chinese state group that has yet to reveal its intentions for the massive compromise.
The hacking wave is primarily or exclusively targeting seven Asus router models, all of which are no longer supported by the manufacturer, meaning they no longer receive security patches, researchers at SecurityScorecard said. It is not yet clear what the attackers do after gaining control of the devices. SecurityScorecard named the operation WrtHug.
Stay off the radar
SecurityScorecard said it suspects the compromised devices are being used in a manner similar to those found in ORB (Operational Relay Box) networks, which hackers use primarily to hide their identities while conducting espionage.
“Having this level of access could allow an attacker to use any compromised router at their discretion,” SecurityScorecard said. “Our experience with ORB networks indicates that compromised devices will typically be used for covert operations and espionage, as opposed to DDoS attacks and other types of overt malicious activity typically seen in botnets.”
The compromised routers are concentrated in Taiwan, with small clusters in South Korea, Japan, Hong Kong, Russia, Central Europe and the United States.
Heat map of infected devices.
For years, the Chinese government has been caught building huge ORB networks. In 2021, the French government warned national businesses and organizations that APT31, one of China's most active threat groups, was behind a massive attack campaign that used hacked routers to conduct reconnaissance. Last year, at least three similar campaigns carried out by China came to light.
Russian government hackers have been caught doing the same thing, although not as often. In 2018, Kremlin actors infected more than 500,000 small office and home routers with sophisticated malware tracked as VPNFilter. A Russian government group was also independently involved in the operation reported in one of the 2024 router hacks discussed above.






