
Is Your Asus Router Hacked? Check for China-State Cyber Threat

Summary

– Thousands of Asus routers have been hacked and are controlled by a suspected China-state group with unknown intentions.
– The attack targets seven unsupported Asus router models that no longer receive security patches from the manufacturer.
– Compromised routers are likely being used for covert operations and espionage, similar to ORB networks, rather than overt attacks like DDoS.
– Infected devices are concentrated in Taiwan, with smaller clusters in South Korea, Japan, Hong Kong, Russia, central Europe, and the United States.
– Chinese and Russian state hackers have previously conducted similar router compromise campaigns for espionage purposes.

A significant cybersecurity incident has emerged, with researchers identifying a widespread compromise of Asus routers believed to be orchestrated by a state-sponsored group linked to China. The ongoing campaign, designated “WrtHug” by the security firm SecurityScorecard, has already impacted thousands of devices. The primary targets are seven specific Asus router models that have reached their end-of-life, meaning they no longer receive critical firmware updates or security patches from the manufacturer. This lack of vendor support leaves them exposed to exploitation, though the ultimate purpose of the breach remains unclear.

Security experts suspect the compromised routers are being integrated into what are known as operational relay box (ORB) networks. These networks are frequently employed by sophisticated threat actors to conduct espionage activities while effectively masking their true origin. By hijacking these home and office devices, attackers gain a powerful foothold to carry out covert operations without drawing immediate attention. This approach differs from more overt attacks, such as launching distributed denial-of-service (DDoS) campaigns, and is instead focused on intelligence gathering and stealth.

The geographical distribution of the infected devices shows a heavy concentration in Taiwan, with additional notable clusters detected in South Korea, Japan, Hong Kong, Russia, central Europe, and the United States. This pattern suggests a targeted effort with specific regional priorities.

The use of compromised networking equipment for state-level espionage is not a new tactic for Chinese cyber units. For years, intelligence agencies have documented Beijing’s efforts to build extensive ORB networks. In 2021, French authorities alerted businesses and organizations about a massive reconnaissance campaign attributed to APT31, a highly active Chinese threat group that leveraged hacked routers. The following year saw the disclosure of at least three additional, similar campaigns operated by China.

While this activity is prominently associated with Chinese state actors, Russian government hackers have also been known to employ comparable strategies, albeit less frequently. A notable example from 2018 involved Kremlin-linked actors infecting over half a million home and small office routers with the sophisticated VPNFilter malware. More recently, a Russian state group was independently implicated in one of the router compromise campaigns reported earlier in 2024.

(Source: Ars Technica)
