Nuked 
Hey there, tech lovers! Nuked is here with some wild news about your favorite routers!
Imagine your home router getting a secret backdoor that sticks around even after restarting or updating. This is exactly what’s happening with many Asus routers. Bad actors, possibly linked to nation-states, are exploiting unpatched vulnerabilities to install hidden entry points, giving them full control.
Once inside, they install a special encryption key for SSH access. From then on, anyone with the key can access the device as an administrator. The creepy part? This control can survive reboots and firmware updates, making it a durable threat.
Researchers from GreyNoise tracked around 9,000 compromised devices worldwide, and the numbers are still rising. It seems these hackers are building a large army of infected routers for future use, rather than launching immediate attacks.
The campaign was first spotted in mid-March, with signs pointing to a possible connection to a nation-state. Similar activity has been linked to another covert operation called ViciousTrap, which is exploiting multiple vulnerabilities, including a patched command injection flaw (CVE-2023-39780).
To check if your router is infected, look for SSH settings in the configuration panel—an infected device allows SSH access on port 53282 with a specific truncated key. Removing this key and changing the port can help you eliminate the backdoor. Also, system logs showing access from certain IP addresses should raise suspicion.
My advice? Keep your router firmware up-to-date and stay vigilant! This ongoing campaign highlights the importance of timely security updates for all your devices.
