Thousands of Asus Routers Compromised by Suspected China-Backed Hackers

This article was generated by AI and cites original sources.

Researchers from SecurityScorecard have found that thousands of Asus routers have been compromised by a suspected China-backed hacking group. The campaign primarily targets seven specific models that are no longer supported by Asus and are vulnerable due to a lack of security patches.

This operation, dubbed WrtHug, raises questions about the intentions behind the takeover. While the hackers have maintained a low profile, experts speculate that the compromised devices may be used for covert activities, resembling operational relay box (ORB) networks commonly employed for espionage purposes. The ability to manipulate these routers could grant the threat actors significant control over the affected devices.

The compromised routers are predominantly concentrated in Taiwan, with smaller clusters identified in South Korea, Japan, Hong Kong, Russia, central Europe, and the United States. This incident echoes past instances where state-sponsored groups, such as APT31 from China and Russian state actors, have leveraged hacked routers for reconnaissance and other clandestine operations.

This revelation underscores the critical importance of cybersecurity vigilance, particularly in the realm of IoT devices like routers. As threat actors continue to exploit vulnerabilities in legacy systems, the need for robust security measures and prompt updates becomes paramount to prevent large-scale compromises and potential security breaches.

Source: Ars Technica