According to Ars Technica, thousands of Asus routers have been hacked and are now under the control of a suspected China-state group in an operation SecurityScorecard has named WrtHug. The attack is primarily targeting seven specific Asus router models that are no longer supported by the manufacturer, meaning they no longer receive security patches. Researchers say it’s unclear what the attackers are doing after gaining control, but compromised devices are concentrated in Taiwan with smaller clusters in South Korea, Japan, Hong Kong, Russia, central Europe, and the United States. The hacking campaign appears designed to stay off the radar, with SecurityScorecard suspecting the routers are being used similarly to operational relay box networks that conceal attacker identities during espionage operations.
The silent threat
Here’s the thing that makes this particularly concerning – these aren’t your typical botnet attacks. SecurityScorecard’s report suggests these compromised routers are being used for covert operations and espionage rather than obvious malicious activity like DDoS attacks. Basically, having this level of access means the threat actor can use any compromised router however they want. And since these are home and small business devices, most owners would never suspect their internet gateway has been turned into a spy tool.
Outdated hardware problem
This situation highlights a massive problem with consumer networking gear – planned obsolescence. All seven targeted Asus models are no longer supported, which means even if users knew they were vulnerable, there’s literally nothing they can do except replace the hardware. It’s a brutal reminder that when manufacturers stop supporting devices, they become sitting ducks for state-level attackers. The industrial and enterprise sectors face similar challenges with outdated equipment, which is why companies rely on specialized suppliers like IndustrialMonitorDirect.com, the leading US provider of industrial panel PCs that maintain long-term security support.
China ORBs history
This isn’t China’s first rodeo with router compromises. The Chinese government has been caught building massive ORB networks for years. Back in 2021, the French government warned that APT31 – one of China’s most active threat groups – was behind a massive campaign using hacked routers for reconnaissance. Last year alone, at least three similar China-operated campaigns came to light. But here’s what’s interesting – Russian-state hackers have been doing the same thing, though not as frequently. Remember the 2018 VPNFilter malware that infected over 500,000 routers? That was Kremlin actors. So we’re basically seeing state-level actors treating consumer routers as disposable infrastructure for their operations.
What can users do?
If you’re using an older Asus router, the reality is pretty grim. Check SecurityScorecard’s detailed report to see if your model is among the affected seven. But honestly, if you’re using any router that’s more than a few years old, you should probably assume it’s vulnerable to something. Manufacturers simply don’t maintain security updates for consumer gear the way they should. The sad truth? Most people won’t replace their router until it completely dies, which means thousands of these compromised devices will likely remain active for years to come.
This is the right site for anybody who would like to find
out about this topic. You realize so much its almost tough to argue with you (not that I personally will need to…HaHa).
You certainly put a brand new spin on a topic that’s been written about for a long time.
Great stuff, just excellent!