Security researchers have uncovered a widespread hacking campaign targeting Asus routers, with strong indications that the operation may be linked to a Chinese threat group building a large botnet. The campaign, dubbed “WrtHug,” exploits vulnerabilities in outdated or unpatched Asus router models, allowing attackers to gain remote access and deploy custom malware.
Once compromised, the infected routers are added to a growing botnet used for reconnaissance, distributed attacks, and persistence across global networks. Researchers warn that the attackers appear to be constructing a robust infrastructure capable of launching high-volume DDoS attacks, stealing data, and facilitating covert operations.
The malware leverages weaknesses in the router’s firmware, particularly on devices still running older versions of AsusWRT or third-party variants. After infiltration, WrtHug disables system logs, hides malicious processes, and maintains long-term control by modifying critical configurations. This makes detection extremely difficult for everyday users and small businesses.
Evidence gathered from command-and-control servers and network activity points toward a China-based threat actor known for targeting consumer-grade network devices to assemble stealthy, large-scale botnets.
Cybersecurity experts advise Asus router owners to immediately update firmware, disable remote administration features, and reset devices to factory settings if suspicious behavior is detected. The WrtHug campaign highlights the growing trend of nation-state actors exploiting home and SOHO routers to build hidden cyber infrastructure capable of supporting espionage and disruption operations.



