Thousands of hacked Asus routers are under control of suspected China-state hackers

Recent findings reveal that a significant number of Asus routers have fallen victim to a hacking campaign attributed to a suspected state-sponsored group from China. This alarming breach targets seven specific models of Asus routers that are no longer receiving security updates from the manufacturer, leaving them vulnerable to exploitation. Researchers from SecurityScorecard have dubbed this operation 'WrtHug' and are investigating the intentions behind this widespread compromise.

As the situation stands, the precise actions taken by the hackers after seizing control of these devices remain uncertain. However, SecurityScorecard suggests that these compromised routers may function similarly to those found in operational relay box (ORB) networks, which are commonly exploited for espionage purposes. The access level gained by these threat actors could allow them to utilize the compromised routers for a variety of clandestine operations. According to SecurityScorecard, past experiences with ORB networks indicate that such devices are often employed for covert activities rather than overt attacks like Distributed Denial-of-Service (DDoS).

The geographical distribution of these compromised routers is noteworthy, with a concentration in Taiwan and smaller clusters identified in South Korea, Japan, Hong Kong, Russia, central Europe, and the United States.

This incident adds to the growing concerns regarding China's ongoing efforts to establish extensive ORB networks for intelligence gathering. In previous years, the French government issued warnings about APT31, a prominent Chinese threat group, which has orchestrated large-scale attacks using hacked routers for reconnaissance. Furthermore, similar campaigns linked to Chinese state-sponsored actors have emerged in the past year.

Notably, Russian state hackers have also been implicated in similar activities, including a high-profile incident in 2018 where over 500,000 routers were infected with a sophisticated malware known as VPNFilter.

Source: Ars Technica

Published on: Nov 21, 2025, 22:10
