Suspected Chinese State Group Compromises Thousands of Asus Routers in Global Hacking Spree
A widespread hacking operation, believed to be orchestrated by a China-state affiliated group, has compromised thousands of Asus routers worldwide, raising concerns about potential espionage and covert operations. The attackers are exploiting vulnerabilities in seven older Asus router models that no longer receive security updates from the manufacturer.
Researchers at SecurityScorecard first identified the campaign, dubbed “WrtHug,” and are currently working to determine the full scope of the compromise and the attackers’ ultimate objectives. The operation highlights the ongoing risk posed by unsupported hardware and the persistent threat of nation-state actors leveraging compromised devices for malicious purposes.
Targeting Unsupported Devices
The hacking spree specifically targets seven Asus router models that have reached their end-of-life and are no longer supported with security patches. This means that known vulnerabilities remain unaddressed, providing an easy entry point for attackers. According to SecurityScorecard, this tactic is a common characteristic of campaigns designed for long-term access and stealth.
“Having this level of access may enable the threat actor to use any compromised router as they see fit,” a SecurityScorecard representative stated. “Our experience with operational relay box (ORB) networks suggests compromised devices will commonly be used for covert operations and espionage, unlike distributed denial-of-service (DDoS) attacks and other types of overt malicious activity typically observed from botnets.”
Echoes of Established Espionage Tactics
The suspected use of compromised routers for espionage is reminiscent of ORB networks, which have been linked to various nation-state actors, including China and Russia, for years. These networks allow attackers to mask their true location and identity, making it difficult to trace malicious activity back to its source.
The Chinese government has a documented history of building extensive ORB networks. In 2021, French authorities warned businesses and organizations about a campaign attributed to APT31, a prolific Chinese threat group, that utilized hacked routers for reconnaissance. At least three similar China-operated campaigns were identified in the following year.
Geographic Distribution of Compromised Routers
The compromised routers are not evenly distributed geographically. The highest concentration of infected devices is currently located in Taiwan, with significant clusters also detected in South Korea, Japan, Hong Kong, Russia, central Europe, and the United States.
A heat map illustrating the precise distribution of compromised devices would further clarify the scope of the operation.
Russian Involvement in Router Hacking
While the current campaign is attributed to a suspected Chinese group, Russia has also been implicated in similar router hacking activities. In 2018, actors linked to the Kremlin infected over 500,000 small office and home routers with the VPNFilter malware. A Russian government group was also independently involved in a router hack reported in 2024.
The ongoing compromise of Asus routers serves as a stark reminder of the importance of
