Over 9,000 ASUS wireless routers have been quietly recruited into what could become a massive botnet operation. The scary part? Your device shows zero signs of compromise while secretly following orders from cybercriminals halfway around the world.
The Silent Takeover That Changes Everything
Security firm GreyNoise discovered this digital heist in March when their AI detected suspicious HTTP requests hitting router endpoints. The attackers exploited CVE-2023-39780—a command injection vulnerability that sounds boring but delivers devastating results.
Here’s where it gets clever: these hackers didn’t just break in and leave. They moved in permanently.
The attackers enabled SSH access on port 53282, planted their own SSH public keys for future visits, and stored backdoors in NVRAM. That’s the type of memory that laughs at your firmware updates and factory resets. They also disabled logging, because why leave evidence when you’re running a professional operation?
Your Network’s New Roommate Problem
Think your router reboots cleared everything? Think again. These backdoors survive restarts, firmware updates, and your frustrated power-cycling sessions. The attackers maintain control through techniques so stealthy that only 30 related requests appeared in global traffic monitoring over three months.
Most compromised users have no idea their home network is now part of someone else’s infrastructure. Your Netflix still streams, your video calls still connect, but your router is quietly taking orders from servers in who-knows-where.
The cybersecurity firm Sekoia linked this campaign to “ViciousTrap”—a threat actor known for exploiting internet-connected devices. While no malware was dropped and no ransom demanded, this feels like prep work for something bigger. This pattern isn’t unique to ASUS; similar vulnerabilities plague smart TVs, security cameras, and AirPlay devices, as well as other IoT devices that share your WiFi password but not your security priorities.
Taking Back Control From Digital Squatters
If you own an ASUS router exposed to the internet, here’s your immediate action plan. Log into your router’s admin panel and check if SSH access is enabled, especially on port 53282. Look for SSH public keys you didn’t add—they’re digital calling cards left by uninvited guests.
Disable any unauthorized SSH access immediately. Update your firmware since ASUS patched CVE-2023-39780, then perform a complete factory reset. Yes, you’ll need to reconfigure everything manually, but that’s the price of evicting digital squatters.
Block these attacker IP addresses: 101.99.91.151, 101.99.94.173, 79.141.163.179, and 111.90.146.237. Consider it digital pest control.
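A scripted version of the checks above, as an added example that is not from the article, ASUS, or GreyNoise: it tests whether an SSH service answers on port 53282 and searches log lines for the four listed addresses. The router address and the sample log lines are constructed assumptions; the port and IP addresses are the ones given above.

```python
import ipaddress
import re
import socket

# Indicators taken from the article above.
BACKDOOR_SSH_PORT = 53282
ATTACKER_IPS = {
    ipaddress.ip_address(ip)
    for ip in ("101.99.91.151", "101.99.94.173", "79.141.163.179", "111.90.146.237")
}
# Dotted quad that is not part of a longer number (so 101.99.91.1510 is ignored).
IPV4_TOKEN = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")


def ssh_listening(host, port=BACKDOOR_SSH_PORT, timeout=3.0):
    """Return True if host:port accepts TCP and greets with an SSH banner."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            return conn.recv(64).startswith(b"SSH-")
    except OSError:
        return False  # closed, filtered, or silent: no SSH service seen


def ioc_hits(log_lines):
    """Yield (line_number, ip, line) for lines naming a listed attacker IP."""
    for number, line in enumerate(log_lines, start=1):
        for token in IPV4_TOKEN.findall(line):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # e.g. 999.1.1.1 is not a valid address
            if ip in ATTACKER_IPS:
                yield number, str(ip), line.rstrip()


# Constructed sample lines (not real router output).
SAMPLE_LOG = [
    "May 12 03:14:07 kernel: ACCEPT SRC=79.141.163.179 DST=192.0.2.10 DPT=53282",
    "May 12 03:15:01 kernel: DROP SRC=198.51.100.7 DST=192.0.2.10 DPT=22",
    "May 12 03:16:44 httpd: login attempt from 101.99.91.15",
]

if __name__ == "__main__":
    router = "192.168.1.1"  # assumption: replace with your router's address
    print("SSH on", BACKDOOR_SSH_PORT, "->", ssh_listening(router))
    for hit in ioc_hits(SAMPLE_LOG):
        print("IoC hit:", hit)
```

Because the article says the attackers disabled logging on the router itself, feed `ioc_hits` logs from a device you still trust, such as an upstream firewall or ISP gateway.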
The bigger lesson here? Your home router isn’t just a box that makes WiFi happen—it’s a potential gateway for sophisticated cybercriminals. While you’re worried about your phone’s privacy settings, your router might already be working for the other team. And it’s not just routers—apps like T-Mobile’s T-Life secretly record your screen, showing just how deeply surveillance can hide in everyday tech. Time to audit every internet-connected device in your home, because if hackers can turn routers into zombies, your smart doorbell might be next.