GreyNoise said it detected the campaign in mid-March and held off disclosing it until after the company had notified unnamed government agencies. This detail further suggests that the threat actor may have some connection to a nation-state.
Researchers at the company added that the activity they observed was part of a larger campaign reported last week by fellow security company Sekoia. Researchers at Sekoia said Internet scanning by network intelligence firm Censys suggested that as many as 9,500 ASUS routers may have been compromised by ViciousTrap, the name used to track the unknown threat actor.
The attackers are backdooring the devices by exploiting a number of vulnerabilities. One is CVE-2023-39780, a command injection flaw that allows the execution of system commands, which ASUS patched in a recent firmware update, GreyNoise said. The rest of the vulnerabilities have also been patched but, for unknown reasons, have not received CVE tracking designations.
The only way for router users to determine whether their devices are infected is to check the SSH settings in the configuration panel. Affected routers will show that the device can be logged into over SSH using a digital certificate with the following key (truncated):
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAo41nBoVFfj4HlVMGV+YPsxMDrMlbdDZ...
To remove the backdoor, the affected users should remove the key and the port setting.
People can also determine whether they have been targeted if the system logs show that the device has been accessed through the IP addresses 101.99.91[.]151, 101.99.94[.]173, 79.141.163[.]179, or 111.90.146[.]237. Users of any router brand should always make sure that their devices get timely security updates.
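The two checks described above, the SSH key in the router settings and the listed IP addresses in system logs, as an added example that is not part of the original article. The log lines, the second sample key and the tail appended to the key are constructed, and the function names are hypothetical; only the truncated key and the four IP addresses come from the article.

```python
import ipaddress
import re

# Indicators as listed in the article, kept defanged until needed.
DEFANGED_IPS = ["101.99.91[.]151", "101.99.94[.]173",
                "79.141.163[.]179", "111.90.146[.]237"]
# Truncated key from the article; the rest of the key is not on the page.
KEY_PREFIX = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAo41nBoVFfj4HlVMGV+YPsxMDrMlbdDZ"

IOC_IPS = {ipaddress.ip_address(ip.replace("[.]", ".")) for ip in DEFANGED_IPS}
# Lookarounds keep 101.99.94.173 from matching inside 1101.99.94.173.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")

def ips_in_line(line):
    """Return the set of valid IPv4 addresses found in one log line."""
    found = set()
    for token in IPV4_RE.findall(line):
        try:
            found.add(ipaddress.ip_address(token))
        except ValueError:  # not a real address, e.g. 999.1.1.1
            pass
    return found

def scan_logs(lines):
    """Return (line_number, ip) for every log line naming an indicator IP."""
    return [(n, str(ip)) for n, line in enumerate(lines, 1)
            for ip in sorted(ips_in_line(line) & IOC_IPS)]

def backdoor_keys(authorized_keys_text):
    """Return key entries whose key material starts with the article's prefix."""
    kind, blob = KEY_PREFIX.split()
    hits = []
    for line in authorized_keys_text.splitlines():
        fields = line.split()
        if kind in fields:  # options may precede the key type
            i = fields.index(kind)
            if i + 1 < len(fields) and fields[i + 1].startswith(blob):
                hits.append(line.strip())
    return hits

# Constructed sample data, not taken from a real router.
SAMPLE_LOG = [
    "May 28 03:12:01 sshd[812]: connection from 101.99.91.151:40022",
    "May 28 03:12:09 sshd[812]: connection from 192.168.1.20:51514",
    "May 28 03:13:44 httpd: request from 1101.99.94.173 rejected",
    "May 28 03:15:02 sshd[840]: key login accepted from 79.141.163.179.",
]
SAMPLE_KEYS = ("ssh-ed25519 AAAAC3ConstructedExampleKey admin@laptop\n"
               + KEY_PREFIX + "ConstructedTail== root@router\n")
```

Run `scan_logs` over an exported system log and `backdoor_keys` over the authorized keys shown in the router's SSH settings; any result from either function means the device should be treated as affected.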