How to know if your Asus router is one of thousands hacked by China-state hackers

Massive Hack of Asus Routers Raises Concerns of Covert Operations

Thousands of Asus routers have been compromised by a suspected China-state group, leaving researchers to wonder about the intentions behind this mass hacking operation. According to a report by SecurityScorecard, the hacking spree is primarily targeting seven models of Asus routers that are no longer supported by the manufacturer, meaning they no longer receive crucial security patches.

The affected routers are concentrated in Taiwan, with smaller clusters in South Korea, Japan, Hong Kong, Russia, central Europe, and the United States. SecurityScorecard has dubbed this operation “WrtHug” and suspects that the compromised devices are being used similarly to those found in ORB (operational relay box) networks, which hackers primarily use to conduct espionage and conceal their identity.

Understanding the Threat

Having this level of access may enable the threat actor to use any compromised router as they see fit, according to SecurityScorecard. The experience with ORB networks suggests that compromised devices will commonly be used for covert operations and espionage, unlike DDoS attacks and other types of overt malicious activity typically observed from botnets.

The Chinese government has been caught building massive ORB networks for years. In 2021, the French government warned national businesses and organizations that APT31—one of China’s most active threat groups—was behind a massive attack campaign that used hacked routers to conduct reconnaissance. Last year, at least three similar China-operated campaigns came to light.

A heat map of infected devices.

Russian-state hackers have also been caught engaging in similar activities, although not as frequently. In 2018, Kremlin actors infected more than 500,000 small office and home routers with sophisticated malware tracked as VPNFilter. A Russian government group was also independently involved in an operation reported in one of the 2024 router hacks linked above.

As the situation continues to unfold, it is essential to stay informed about the latest developments and take necessary precautions to protect your devices and networks.

Image Credit: arstechnica.com
