Overview

• Hackers have seized control of more than 9,000 Asus Wi-Fi routers, adding them to a growing botnet.
• GreyNoise’s AI tool sift first detected suspicious router activity in March, leading analysts to uncover the ViciousTrap campaign.
• Attackers exploited a CVE-2023-39780 command injection flaw through brute-force login attempts and authentication bypasses to maintain persistent access.
• Asus issued a firmware update on May 27 that patches the exploited vulnerability but does not remove existing infections.
• Cybersecurity experts advise users to perform factory resets before applying the patch to eliminate stealthy backdoors.