We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Cyberattackers Exploit Thousands of ASUS Routers to Build Botnet

Cyberattackers Exploit Thousands of ASUS Routers to Build Botnet
Author Image Andrea Miliani
Andrea Miliani First published on May 31, 2025 Cybersecurity Researcher

Researchers from the cybersecurity firm GreyNoise reported this week that an ongoing exploitation campaign is targeting over 9,000 internet-exposed ASUS routers. Cybercriminals gained long-term access by exploiting an undisclosed vulnerability. Experts suggest that attackers were planning on building a robot network (botnet).

According to GreyNoise’s report, the attackers carried out a stealthy and sophisticated operation by using brute-force login attempts and exploiting the CVE-2023-39780 vulnerability — a command injection flaw — to execute system commands on vulnerable devices. The unknown actors enabled SSH access on TCP port 53282 and implanted a backdoor in non-volatile memory (NVRAM), allowing them to maintain remote access even after the device reboots or firmware upgrades.

GreyNoise noticed the unusual, low-profile network activity through their AI-powered analysis tool, Sift, in March and reported it. The researchers confirmed that no malware had been installed, but the operation suggested that the attackers were building a system for a future attack.

This appears to be part of a stealth operation to assemble a distributed network of backdoor devices — potentially laying the groundwork for a future botnet,” states the report.

ASUS patched the vulnerability through its latest firmware update, but it didn’t remove the SSH configuration enabled by the attackers. GreyNoise recommends ASUS router owners check for access on TCP/53282, review unauthorized entries, block the IP addresses listed on the report, and, if the device has been compromised, perform a factory reset and manually reconfigure the router.

As of May 27, nearly 9,000 ASUS routers are confirmed compromised, based on scans from Censys,” wrote GreyNoise. “GreyNoise sensors saw just 30 related requests across three months, demonstrating how quietly this campaign is operating.

Over a year ago, it was revealed that the Russian hacking group APT28 had been exploiting a vulnerability on Cisco routers for six years and managed to deploy malware and spy on users and organizations in Europe and the United States.

About the Author

Andrea is a seasoned tech journalist with a growing passion for cybersecurity, covering cyberattacks, AI breakthroughs, and the latest trends shaping the future of technology.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

This field must contain more than 50 characters

The field content should not exceed 1000 letters

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address