Overview
- STRIKE reports roughly 50,000 end-of-life ASUS WRT routers compromised after attackers chained six known flaws: CVE-2023-41345 through -41348, CVE-2024-12912, and CVE-2025-2492.
- Infections cluster in Taiwan and Southeast Asia, with limited detections in the United States and Russia, and none in mainland China aside from Hong Kong.
- Compromised devices present an identical self-signed TLS certificate on AiCloud with a 100-year expiration from April 2022, providing a clear indicator of compromise.
- Researchers note only seven devices overlapping with the earlier AyySSHush activity despite identical exploit use, and they are still investigating any relationship between the clusters.
- SecurityScorecard recommends patching affected vulnerabilities where possible or replacing unsupported routers to reduce exposure.
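
The certificate indicator described above can be turned into a triage check over the fields printed by `openssl x509 -noout -subject -issuer -dates`. This is an added example, not code from STRIKE or SecurityScorecard. It assumes "100-year expiration from April 2022" means a validity period that begins in April 2022; the function names, the 99-year threshold, and the sample certificates are constructed placeholders, since the overview gives no subject name or fingerprint.

```python
from datetime import datetime

# Constructed samples shaped like `openssl x509 -noout -subject -issuer -dates`
# output. Names and dates are placeholders, not values from the report.
SUSPECT = """subject=CN = placeholder.example
issuer=CN = placeholder.example
notBefore=Apr  5 10:00:00 2022 GMT
notAfter=Mar 12 10:00:00 2122 GMT
"""
BENIGN = """subject=CN = router.example
issuer=CN = Example Issuing CA
notBefore=Jan 10 00:00:00 2025 GMT
notAfter=Apr 10 00:00:00 2025 GMT
"""
REQUIRED = ("subject", "issuer", "notBefore", "notAfter")

def parse_fields(text):
    """Split 'key=value' lines on the first '=' only (DNs contain '=' too)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def parse_date(value):
    """Parse OpenSSL's date form, e.g. 'Apr  5 10:00:00 2022 GMT'."""
    return datetime.strptime(value.replace(" GMT", ""), "%b %d %H:%M:%S %Y")

def assess(text, min_years=99):
    """Score one certificate against the three traits in the bullet above."""
    f = parse_fields(text)
    missing = [k for k in REQUIRED if k not in f]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    start, end = parse_date(f["notBefore"]), parse_date(f["notAfter"])
    years = (end - start).days / 365.25
    reasons = []
    # Equal subject and issuer means self-issued; a full check would also
    # verify the signature with the certificate's own public key.
    if f["subject"] == f["issuer"]:
        reasons.append("self-issued")
    # Tools given 36500 days produce slightly under 100 calendar years.
    if years >= min_years:
        reasons.append("century-scale validity")
    if (start.year, start.month) == (2022, 4):
        reasons.append("validity starts April 2022")
    return {"match": len(reasons) == 3, "reasons": reasons, "years": round(years, 1)}
```

A match on all three traits is a reason to inspect the device, not proof of compromise; a partial match (for example a long-lived self-issued certificate with a different start date) is reported in `reasons` so it can be reviewed separately.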