Recently, thousands of Asus routers have fallen victim to hackers linked to a suspected state group from China. Researchers from SecurityScorecard reported that this attack primarily targets seven Asus router models that are no longer supported or updated with security patches. This lack of support leaves these devices especially vulnerable.
The operation, dubbed WrtHug, raises questions about the hackers’ motives. It seems these compromised routers may be used to create covert networks, similar to what intelligence agencies do for espionage. SecurityScorecard noted, “This level of access allows hackers to use the routers for secretive operations rather than just causing general chaos like traditional botnets.”
Currently, most hacked routers are found in Taiwan, but there are clusters in South Korea, Japan, Hong Kong, Russia, central Europe, and the United States, as shown in a recent heat map.
This type of hacking isn’t new. The Chinese government has been known to build extensive operational relay box (ORB) networks for years. For instance, a 2021 warning from the French government highlighted how the Chinese cyber group APT31 used hacked routers in a broad attack campaign focusing on reconnaissance.
There’s a parallel in Russia, where state-backed hackers have also compromised routers. In 2018, they infected over 500,000 devices with malware named VPNFilter. These incidents underline the persistent threat posed by state-sponsored hacking operations.
With technology evolving, the importance of keeping routers updated cannot be overstated. Experts recommend not only updating to newer models but also protecting your network with strong passwords and security measures. Keeping devices secure today is crucial for safeguarding personal and sensitive information.
For more detailed insights on cyber threats, you can read the SecurityScorecard report here.
