Home routers are a perennial target for cybercriminals, since the router is the device that is permanently connected to the Internet and exposed to every threat that comes with it. For a few weeks now, many ASUS router users have been noticing that outgoing network traffic shoots up at random, and that during these episodes the processor goes to 100% and the Internet connection drops. It has now become known that cybercriminals were exploiting a security flaw in these devices. Do you want to know what happened and everything that is known so far?
Cybercriminals have always set their sights on users' routers, because the router is the one device exposed directly to the Internet: whoever controls it can reach the rest of the devices on the network or use it to carry out distributed denial-of-service (DDoS) attacks. If you have an ASUS router, pay close attention, both to check whether your router has been affected and to update the firmware.
How do I know if I am affected?
The vast majority of ASUS routers are affected by this vulnerability, which is why the manufacturer has released an emergency update for each and every model. When a router is compromised, it is joined to a botnet that is later used to carry out DDoS attacks. The symptoms that someone has managed to get into your router are the following:
- The processor goes to 100% at random moments; this is when the router is taking part in an attack on other targets.
- In the traffic monitoring section, the upload rate sits at the maximum of your Internet connection.
- During these episodes, the Internet connection drops, because the attack traffic takes up all the upload bandwidth.
If all this has happened to you recently, you are probably affected and your router has been hacked to join a botnet. It is still unknown how many people are affected, but according to the forums, most users have the RT-AX86U, RT-AX55 and also RT-AX88U models.
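To make those three symptoms concrete, here is an added example (not from the original article, and not ASUS code) that scans periodic monitoring samples for a sustained episode in which CPU load and upload throughput are pinned at the same time, while a lone CPU spike with no upload is ignored. The sample format, the uplink capacity and the thresholds are assumptions; the samples themselves are constructed.

```python
"""Flag monitoring samples that match the botnet symptoms described above."""

# Constructed sample format: (seconds, cpu_percent, upload_mbps, wan_reachable).
# A real router would export these from its CPU and traffic monitor pages.
Sample = tuple[int, float, float, bool]

UPLINK_MBPS = 100.0  # assumed upload capacity of the Internet connection


def is_symptomatic(sample: Sample, uplink_mbps: float = UPLINK_MBPS,
                   cpu_threshold: float = 95.0, upload_fraction: float = 0.9) -> bool:
    """True only when CPU is pinned AND upload is at (almost) full uplink capacity."""
    _, cpu, upload, _ = sample
    return cpu >= cpu_threshold and upload >= upload_fraction * uplink_mbps


def _summarise(run: list[Sample]) -> tuple[int, int, bool]:
    """(start_s, end_s, connection_dropped) for one run of symptomatic samples."""
    return run[0][0], run[-1][0], any(not wan_ok for _, _, _, wan_ok in run)


def find_episodes(samples: list[Sample], min_consecutive: int = 3,
                  **thresholds) -> list[tuple[int, int, bool]]:
    """Return each run of >= min_consecutive symptomatic samples as an episode."""
    episodes, run = [], []
    for sample in samples:
        if is_symptomatic(sample, **thresholds):
            run.append(sample)
            continue
        if len(run) >= min_consecutive:
            episodes.append(_summarise(run))
        run = []
    if len(run) >= min_consecutive:  # episode still open at end of log
        episodes.append(_summarise(run))
    return episodes


# Constructed monitoring log: 10-second samples with one quiet period,
# one flood episode, and one CPU-only spike that should NOT be flagged.
CONSTRUCTED_SAMPLES: list[Sample] = [
    (0, 12.0, 1.5, True),
    (10, 15.0, 2.0, True),
    (20, 99.0, 98.0, True),    # upload pinned at the uplink, CPU maxed
    (30, 100.0, 99.5, False),  # connection drops during the flood
    (40, 100.0, 99.0, False),
    (50, 98.0, 97.0, True),
    (60, 20.0, 3.0, True),
    (70, 100.0, 4.0, True),    # CPU spike without upload: not a match
    (80, 100.0, 5.0, True),
]

if __name__ == "__main__":
    for start, end, dropped in find_episodes(CONSTRUCTED_SAMPLES):
        print(f"episode {start}s-{end}s, connection dropped: {dropped}")
```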
How could they get in?
It is still not entirely clear how they got in, but the attack vector appears to have been the AiCloud service, because every affected user who has commented on the forums had it enabled; with this service enabled, the router is reachable from the Internet without a VPN. Keep in mind that this service requires authentication, so it is possible that users did not have a strong password and that cybercriminals used brute-force or dictionary attacks to guess it. If you have a strong password you should therefore have no problems; even so, our advice is never to expose your router directly to the Internet, and always to use a VPN such as WireGuard or OpenVPN to access it securely.
Once inside the router, the attackers install malicious software that joins it to a botnet over a PPTP VPN. We have learned all this from snbforums users who are discussing the problem in several threads. Once the router has joined the botnet, it is used to carry out DDoS attacks, hence the high CPU load, the maxed-out upload rate and so on.
Is there a solution if I haven't been hacked?
Yes, the manufacturer ASUS has released an emergency update that improves the security mechanisms on all models. The improvements incorporated in the latest firmware are:
- Optimized memory management mechanisms, improving system efficiency and stability.
- Data entry and processing validations have been reinforced, further protecting the security of your information.
- The web engine has been improved; it is now faster and more secure.
- Security issues related to JavaScript have been fixed.
The security notice on ASUS's official website lists the firmware version for each model that fixes this serious problem.
Is there a solution if I have already been hacked?
What you should do is update the firmware, restore the router to factory settings and set a strong password so it doesn't happen again. Then check that the problem has been solved by monitoring both the router's processor load and the Internet traffic.
Our recommendation is that you update to the latest firmware version as soon as possible, so as not to be vulnerable.