Ethical Hacking News
A recent operation dubbed Operation WrtHug has compromised tens of thousands of ASUS routers worldwide, forming a large botnet. The attackers exploited six known vulnerabilities in end-of-life ASUS WRT routers, including OS command injection, arbitrary command execution, and improper authentication. All of the compromised devices share a long-lived self-signed TLS certificate valid for 100 years from April 2022. Security experts warn that the infections are appearing across Southeast Asia and Europe, underscoring the global reach of this malicious operation.
Tens of thousands of ASUS routers have been compromised in a global botnet dubbed Operation WrtHug. The attackers are believed to be China-linked actors exploiting six known vulnerabilities for espionage purposes. The devices share a long-lived self-signed TLS certificate, highlighting the risks of using outdated or end-of-life devices. Infections caused by Operation WrtHug have been detected across Southeast Asia and Europe, with 99% of affected systems connected to ASUS AiCloud. Using outdated or end-of-life devices poses a significant threat to organizations and individuals, emphasizing the need for proactive security measures.
In a recent and alarming turn of events, security researchers have discovered a global botnet comprised of tens of thousands of ASUS routers that have been compromised through exploitation of six known vulnerabilities. The operation, dubbed Operation WrtHug, has left many wondering about the scale of the threat and the potential consequences for individuals and organizations alike.
According to experts, the attackers behind Operation WrtHug are believed to be China-linked actors who aim to build a persistent and hidden network for espionage purposes. These malicious actors have been able to exploit six known vulnerabilities in end-of-life ASUS WRT routers, including OS command injection (CVE-2023-41345 to CVE-2023-41348), arbitrary command execution (CVE-2024-12912), and improper authentication (CVE-2025-2492). The attackers have used these vulnerabilities to gain high-level privileges on the compromised devices.
One of the most striking aspects of Operation WrtHug is that all of the compromised devices share a long-lived self-signed TLS certificate valid for 100 years from April 2022. This self-signed certificate has been a point of interest for security researchers, as it highlights the risks associated with using outdated or end-of-life devices in today's digital landscape.
SecurityScorecard researchers have warned that the infections caused by Operation WrtHug are appearing across Southeast Asia and Europe, underscoring the global reach of this malicious operation. The fact that 99% of systems presenting the shared self-signed TLS certificate run ASUS AiCloud highlights the severity of the threat, as many of these devices are part of the botnet without their owners' knowledge.
Furthermore, the attackers' reliance on N-day vulnerabilities (publicly known flaws for which fixes already exist) has significant implications for organizations and individuals who rely on outdated or end-of-life devices. As security experts have emphasized, simply applying patches to actively supported products is no longer sufficient; instead, it is essential to consider the security of the entire network, including aging devices and services.
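The shared certificate described above is a useful hunting indicator for defenders: a self-signed certificate with an implausibly long lifetime on a device's management interface is worth investigating. The following Go program is an added example, not code from the article or from the researchers; it builds a constructed sample certificate (not the real one from the campaign) and flags it when it is self-signed and valid for longer than an assumed ten-year threshold.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// maxValidity is an assumed threshold: device certificates valid for
// longer than ten years are treated as worth a closer look.
const maxValidity = 10 * 365 * 24 * time.Hour

// Suspicious reports whether cert is self-signed (issuer equals subject and
// the signature verifies under its own key) with a validity window longer
// than maxValidity, the trait the WrtHug-infected routers shared.
func Suspicious(cert *x509.Certificate) bool {
	selfIssued := bytes.Equal(cert.RawSubject, cert.RawIssuer)
	selfSigned := cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature) == nil
	return selfIssued && selfSigned && cert.NotAfter.Sub(cert.NotBefore) > maxValidity
}

// makeSelfSigned builds a constructed sample certificate for testing; the
// subject name and lifetime are made up and not taken from the campaign.
func makeSelfSigned(notBefore time.Time, lifetime time.Duration) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "sample-router.local"},
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	apr2022 := time.Date(2022, 4, 1, 0, 0, 0, 0, time.UTC)
	long, _ := makeSelfSigned(apr2022, 100*365*24*time.Hour) // constructed 100-year cert
	short, _ := makeSelfSigned(apr2022, 2*365*24*time.Hour)  // constructed 2-year cert
	fmt.Println("100-year self-signed cert suspicious:", Suspicious(long))
	fmt.Println("2-year self-signed cert suspicious:", Suspicious(short))
}
```

In a real sweep, the certificate would come from a TLS handshake against each management interface (for example via `tls.Dial` and `ConnectionState().PeerCertificates[0]`) rather than from the constructed sample.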
ASUS has already taken steps to address all of the vulnerabilities targeted in Operation WrtHug, which is a welcome relief for those affected by this operation. However, the incident serves as a stark reminder of the need for constant vigilance and proactive monitoring in today's digital world.
In conclusion, Operation WrtHug represents a significant threat to global cybersecurity, highlighting the risks associated with using outdated or end-of-life devices. As we move forward, it is crucial that individuals and organizations prioritize security and take steps to protect themselves against such threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Operation-WrtHug-A-Global-Botnet-Emerge-from-Exploited-ASUS-Routers-ehn.shtml
https://securityaffairs.com/184841/cyber-crime/operation-wrthug-hijacks-50000-asus-routers-to-build-a-global-botnet.html
https://nvd.nist.gov/vuln/detail/CVE-2023-41345
https://www.cvedetails.com/cve/CVE-2023-41345/
https://nvd.nist.gov/vuln/detail/CVE-2023-41346
https://www.cvedetails.com/cve/CVE-2023-41346/
https://nvd.nist.gov/vuln/detail/CVE-2023-41347
https://www.cvedetails.com/cve/CVE-2023-41347/
https://nvd.nist.gov/vuln/detail/CVE-2023-41348
https://www.cvedetails.com/cve/CVE-2023-41348/
https://nvd.nist.gov/vuln/detail/CVE-2024-12912
https://www.cvedetails.com/cve/CVE-2024-12912/
https://nvd.nist.gov/vuln/detail/CVE-2025-2492
https://www.cvedetails.com/cve/CVE-2025-2492/
Published: Wed Nov 19 13:53:10 2025 by llama3.2 3B Q4_K_M