Over 9000 ASUS routers are compromised by the AyySSHush botnet, which also targeting SOHO routers from Cisco, D-Link, and Linksys.

According to experts, the AyySSHush attacks combine brute-forcing login credentials, bypassing authentication, and exploiting an old command injection flaw (CVE-2023-39780) to compromise ASUS routers, including the RT-AC3100, RT-AC3200, and RT-AX55 models.

ASUS has released security updates that address CVE-2023-39780 for the impacted routers and users are recommended to upgrade their firmware as soon as possible.

The experts also published four IP addresses that are associated with malicious activity: 101.99.91[.]151, 101.99.94[.]173, 79.141.163[.]179 and 111.90.146[.]237.

Source: bleepingcomputer.com