• Home
  • News
  • AI
  • Cyber
  • GRC
  • Blogs
  • Live CVE
No Result
View All Result
Sumtrix
  • Home
  • News
  • AI
  • Cyber
  • GRC
  • Blogs
  • Live CVE
No Result
View All Result
Sumtrix
No Result
View All Result
Home Latest News

Operation WrtHug Hijacks Tens of Thousands ASUS Routers

Sumit Chauhan by Sumit Chauhan
November 19, 2025
in Latest News, Cyber
Operation WrtHug Hijacks Tens of Thousands ASUS Routers
Share on FacebookShare on Twitter
  • Massive Infection: Tens of thousands of end-of-life ASUS WRT routers compromised worldwide, mainly in Taiwan, the US, and Russia.
  • Exploit Details: Campaign leverages six known CVEs to take control and deploy backdoors via SSH under “Operation WrtHug.”
  • Unique Signature: All infected routers use the same self-signed TLS certificate, expiring 100 years from April 2022.
  • Targeted Models: Includes popular ASUS Wireless Router models such as 4G-AC55U, GT-AX11000, RT-AC1300UHP, among others.
  • Threat Actor Profile: Likely linked to Chinese hacking groups, showing careful expansion and persistent backdoors even after reboots or updates.

SecurityScorecard’s STRIKE team first identified the widespread campaign, noting the attackers chain command injections and authentication bypasses to maintain access. The attack bears similarities with other operations like AyySSHush, LapDogs, and PolarEdge, suggesting possible overlap or links between these China-affiliated groups. Data logs show heavy blocking of non-target regions while focusing on Brazil and Argentina via geo-fencing. Despite the Brazilian origin of much malware, the infection footprint and exposed systems are global.

Administrators should watch for suspicious TLS certificates, unexpected SSH activity, and signs of persistence even after firmware updates on their ASUS WRT routers. Patching vulnerable CVEs, disabling AiCloud access where unneeded, and monitoring traffic can mitigate ongoing risks from this campaign.

More on WrtHug

The Hacker News Report | SecurityScorecard Analysis

Read

No Content Available

Tags: ASUSiot-securitymalwarerouter-security
Previous Post

Phishing in 2025: Key Trends and Future Risks

 Next Post

Cloudflare Outage on November 18, 2025: A Deep Dive by Sumtrix

Sumit Chauhan

Sumit Chauhan

Sumit Chauhan is a dynamic editor at Sumtrix.com, specializing in technology, blogging, and search engine optimization. With a strong grasp of digital trends, Sumit develops diverse content segments covering the latest in tech, comprehensive product reviews, and practical guides. His approach emphasizes clarity, accuracy, and user relevance, progressively expanding the platform’s impact and trust among tech enthusiasts and professionals. Sumit’s dedication to quality content and strategic SEO continually drives Sumtrix’s growth in the competitive digital landscape, making it a reliable resource for readers.

More Articles

App Store Power and Censorship: How Apple and Google Shape Your Digital Future
Latest News

App Store Power and Censorship: How Apple and Google Shape Your Digital Future

Apple’s App Store and Google’s Play Store control the daily digital experiences of billions. Behind the scenes, a growing number...

by Sumit Chauhan
November 19, 2025
Google Sets Sights on Defying Gravity with Antigravity Project
Latest News

Google Sets Sights on Defying Gravity with Antigravity Project

Google is making waves once again with the announcement of "Google Antigravity," an ambitious experiment that seeks to revolutionize the...

by Sumit Chauhan
November 19, 2025
MMaDA-Parallel: Advanced Multimodal Model Revolutionizing Content Generation
AI

MMaDA-Parallel: Advanced Multimodal Model Revolutionizing Content Generation

MMaDA-Parallel is a cutting-edge framework for multimodal content generation that departs from traditional sequential models by enabling parallel processing of...

by Jane Doe
November 19, 2025
The Proxmox Virtual Environment 9.1 is available now
Latest News

The Proxmox Virtual Environment 9.1 is available now

Summary for Easy Reference Proxmox Virtual Environment 9.1 improves usability and security with enhanced high-availability and disaster recovery features. Enhanced...

by Jane Doe
November 19, 2025
Next Post
Cloudflare Outage on November 18, 2025: A Deep Dive by Sumtrix

Cloudflare Outage on November 18, 2025: A Deep Dive by Sumtrix

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Latest News

China Accuses US of Cyberattacks Using Microsoft Email Server Flaws

China Accuses US of Cyberattacks Using Microsoft Email Server Flaws

August 1, 2025
Online Scam Cases Continue to Rise Despite Crackdowns on Foreign Fraud Networks [Myanmar]

Online Scam Cases Continue to Rise Despite Crackdowns on Foreign Fraud Networks [Myanmar]

June 30, 2025
Stay Safe from Ransomware Using Skitnet Malware Techniques

Stay Safe from Ransomware Using Skitnet Malware Techniques

May 20, 2025
MMaDA-Parallel: Advanced Multimodal Model Revolutionizing Content Generation

MMaDA-Parallel: Advanced Multimodal Model Revolutionizing Content Generation

November 19, 2025
Anthropic Blocks AI Misuse for Cyberattacks

Anthropic Blocks AI Misuse for Cyberattacks

August 28, 2025
New VoIP Botnet Targets Routers Using Default Passwords

New VoIP Botnet Targets Routers Using Default Passwords

July 25, 2025
Aflac Incorporated Discloses Cybersecurity Incident

Aflac Incorporated Discloses Cybersecurity Incident

June 20, 2025
Sumtrix.com

© 2025 Sumtrix – Your source for the latest in Cybersecurity, AI, and Tech News.

Navigate Site

  • About
  • Contact
  • Privacy Policy
  • Advertise

Follow Us

No Result
View All Result
  • Home
  • News
  • AI
  • Cyber
  • GRC
  • Blogs
  • Live CVE

© 2025 Sumtrix – Your source for the latest in Cybersecurity, AI, and Tech News.

Our website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.