Ethical Hacking News
Thousands of ASUS WRT routers have been compromised in a global campaign called Operation WrtHug, exploiting six vulnerabilities. ASUS has issued security updates to address the issue, urging users to upgrade their firmware and disable remote access features. Stay informed about this emerging threat and take steps to protect yourself.
The internet is a target for cyber threats, including the recent Operation WrtHug campaign targeting thousands of end-of-life ASUS routers. The attackers exploited six vulnerabilities, leaving devices vulnerable to cyber attacks. The campaign is linked to AyySSHush and seems to be leveraging the ASUS AiCloud service to deploy a targeted global intrusion set. The vulnerabilities include CVE-2023-41345/46/47/48, CVE-2024-12912, and CVE-2025-2492, with the last being the most concerning due to its critical severity score. ASUS has issued security updates, urging router owners to upgrade their firmware and disable remote access features to mitigate the risk. The attackers' tactics are stealthy, attributed to an unknown entity from China, raising suspicions of shared motivations with AyySSHush. Security experts emphasize the importance of staying vigilant and proactive in securing networks and devices.
The internet is a vast and complex network, filled with threats lurking in every corner. Recently, a new campaign dubbed Operation WrtHug has emerged, targeting thousands of end-of-life ASUS routers worldwide. The attackers have exploited six vulnerabilities to gain control over these devices, leaving them vulnerable to cyber attacks.
According to SecurityScorecard's STRIKE researchers, the WrtHug campaign is believed to be linked to another campaign called AyySSHush, first documented by GreyNoise in May. The attackers seem to be leveraging the ASUS AiCloud service to deploy a targeted global intrusion set. This unique approach has captured attention from security experts and researchers alike.
The vulnerabilities exploited by the attackers include CVE-2023-41345/46/47/48 (OS command injection via token modules), CVE-2023-39780 (major command injection flaw), CVE-2024-12912 (arbitrary command execution), and CVE-2025-2492 (improper authentication control that can lead to unauthorized execution of functions). The last, with a critical severity score, stands out as the most concerning.
ASUS has issued security updates to address all of these vulnerabilities, urging router owners to upgrade their firmware to the latest available version. If the device is no longer under support, users are advised to replace it or at least disable remote access features. These measures can significantly mitigate the risk posed by the WrtHug campaign.
The attackers' tactics have also garnered attention for their stealthy nature. Unlike previous campaigns that have been linked to countries with well-established cyber threat actors, this attack is attributed by researchers to an unknown entity from China.
While there is still limited evidence supporting a direct connection between Operation WrtHug and AyySSHush, the striking similarities in tactics employed by both campaigns raise suspicions of shared motivations. The attackers' use of command injection flaws, arbitrary execution, and improper authentication highlights their willingness to push boundaries and exploit vulnerabilities.
In light of this global threat, security experts emphasize the importance of staying vigilant and proactive when it comes to securing networks and devices. Keeping firmware up to date, being cautious with unknown connections, and monitoring network activity can all help prevent falling victim to these attacks.
As cybersecurity threats continue to evolve, it is essential for users and organizations alike to stay informed about emerging risks and take necessary precautions to protect themselves.
Related Information:
https://www.ethicalhackingnews.com/articles/New-WrtHug-Campaign-A-Global-Cyber-Threat-Awaits-ehn.shtml
https://www.bleepingcomputer.com/news/security/new-wrthug-campaign-hijacks-thousands-of-end-of-life-asus-routers/
https://nvd.nist.gov/vuln/detail/CVE-2023-41345
https://www.cvedetails.com/cve/CVE-2023-41345/
https://nvd.nist.gov/vuln/detail/CVE-2023-39780
https://www.cvedetails.com/cve/CVE-2023-39780/
https://nvd.nist.gov/vuln/detail/CVE-2024-12912
https://www.cvedetails.com/cve/CVE-2024-12912/
https://nvd.nist.gov/vuln/detail/CVE-2025-2492
https://www.cvedetails.com/cve/CVE-2025-2492/
Published: Wed Nov 19 08:50:38 2025 by llama3.2 3B Q4_K_M