Digital Event Horizon
Thousands of Asus routers have been hacked by a suspected China-state group, leaving users vulnerable to various forms of cyber attacks. The hacking spree, dubbed "WrtHug," primarily targets seven models of Asus routers that are no longer supported by the manufacturer.
Thousands of Asus routers have been compromised by a suspected China-state group, leaving users vulnerable to various forms of cyber attacks. The hacking spree, dubbed "WrtHug," primarily targets seven models of Asus routers that are no longer supported by the manufacturer. The attackers used a sophisticated tactic to gain access to these devices: exploiting vulnerabilities in Asus's proprietary service, AICloud. The compromised devices can be easily accessed and controlled remotely, making them ideal targets for malicious actors. Experts recommend users prioritize their IoT security by replacing end-of-life routers with newer models that receive regular security updates.
As the threat landscape continues to evolve, a recent discovery has shed light on the vulnerabilities of internet of things (IoT) devices, particularly those manufactured by well-known companies like Asus. According to a report by SecurityScorecard, thousands of Asus routers have been compromised by a suspected China-state group, leaving users vulnerable to various forms of cyber attacks.
The hacking spree, which has been dubbed "WrtHug," primarily targets seven models of Asus routers that are no longer supported by the manufacturer, meaning they no longer receive security patches. This leaves these devices exposed to potential exploitation, making them ideal targets for malicious actors. The compromised devices are concentrated in Taiwan, with smaller clusters found in South Korea, Japan, Hong Kong, Russia, central Europe, and the United States.
The attackers have used a sophisticated tactic to gain access to these devices: exploiting vulnerabilities in Asus's proprietary service, AICloud. This allows them to open a dialog box on connected devices that instructs users to install a self-signed TLS certificate. The certificate has an expiration year of 2122, a lifetime that valid certificates would never have. Both the issuer and subject in the certificate list CN=a,OU=a,O=a,L=a,ST=a,C=aa, which indicates malicious intent.
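The certificate traits described above can be checked mechanically. The following is an added example, not code from the article or from SecurityScorecard: it parses the text printed by `openssl x509 -noout -issuer -subject -enddate` and reports which of the three traits are present. The function names and both sample outputs are constructed for illustration; only the DN and the year 2122 come from the article.

```python
import re
from datetime import datetime

# Values the article reports for the WrtHug certificate.
WRTHUG_DN = {"CN": "a", "OU": "a", "O": "a", "L": "a", "ST": "a", "C": "aa"}
WRTHUG_EXPIRY_YEAR = 2122

def parse_dn(text):
    """Parse 'CN = a, OU = a' or '/CN=a/OU=a' into a dict (no escaped commas)."""
    dn = {}
    for part in re.split(r"[,/]", text):
        key, sep, value = part.partition("=")
        if sep:
            dn[key.strip().upper()] = value.strip()
    return dn

def parse_openssl_fields(output):
    """Return (issuer, subject, not_after) from the openssl text output."""
    fields = {}
    for line in output.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            fields[name.strip().lower()] = value.strip()
    not_after = datetime.strptime(fields["notafter"], "%b %d %H:%M:%S %Y %Z")
    return parse_dn(fields["issuer"]), parse_dn(fields["subject"]), not_after

def wrthug_indicators(output):
    """List which of the article's certificate traits are present."""
    issuer, subject, not_after = parse_openssl_fields(output)
    hits = []
    if issuer == subject:
        hits.append("issuer equals subject (self-signed heuristic)")
    if issuer == WRTHUG_DN and subject == WRTHUG_DN:
        hits.append("issuer and subject match the reported DN")
    if not_after.year == WRTHUG_EXPIRY_YEAR:
        hits.append("expires in 2122")
    return hits

# Constructed samples: only the DN and the year 2122 come from the article.
SUSPECT = """issuer=CN = a, OU = a, O = a, L = a, ST = a, C = aa
subject=CN = a, OU = a, O = a, L = a, ST = a, C = aa
notAfter=May  5 12:00:00 2122 GMT"""
BENIGN = """issuer=C = US, O = Example CA, CN = Example Issuing CA
subject=CN = router.example.net
notAfter=Mar  1 00:00:00 2026 GMT"""

if __name__ == "__main__":
    for label, sample in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, wrthug_indicators(sample))
```

A certificate that matches all three traits on a device's management or AICloud port is a strong reason to treat the router as compromised; a match on the self-signed heuristic alone is common on consumer routers and is not conclusive.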
The WrtHug campaign uses functionality provided by AICloud to perform kernel-level changes without deploying any payload on the device. Instead, the attackers rely on exploiting vulnerabilities to cause direct OS changes. This approach gives them administrative access to the device at the same level as the device owner, which is a significant security concern.
The ease with which these devices can be compromised highlights the need for users to prioritize their IoT security. As experts point out, people using end-of-life routers and other IoT devices should strongly consider replacing them with newer models that receive regular security updates. Disabling AICloud, remote administrator capabilities, SSH, UPnP, port forwarding, and other unnecessary services is also a good precaution, even for users of other router models.
The recent discovery of the WrtHug campaign serves as a reminder of the importance of staying vigilant in the face of emerging threats. As the threat landscape continues to evolve, it is crucial that users remain informed about potential vulnerabilities and take steps to protect their devices from cyber attacks.
Related Information:
https://www.digitaleventhorizon.com/articles/Asus-Router-Hack-Thousands-Infected-by-China-State-Group-Amidst-Rising-Concerns-Over-IoT-Security-deh.shtml
https://arstechnica.com/security/2025/11/thousands-of-hacked-asus-routers-are-under-control-of-suspected-china-state-hackers/
https://www.youtube.com/watch?v=KhBMemCa5pQ
Published: Fri Nov 21 17:50:47 2025 by llama3.2 3B Q4_K_M