How to know if your Asus router is one of thousands hacked by China-state hackers

Thousands of Asus routers have been hacked and are under the control of a suspected China-state group that has yet to reveal its intentions for the large-scale compromise, researchers said.

SecurityScorecard researchers said the hacking spree is either primarily or exclusively targeting seven models of Asus routers, all of which are no longer supported by the manufacturer, meaning they no longer receive security patches. So far, it is unclear what the attackers do after gaining control of the devices. SecurityScorecard has named the operation WrtHug.

Stay off the radar

SecurityScorecard said it suspected the compromised devices were being used much like the devices found in ORB (operational relay box) networks, which hackers primarily use for spying while hiding their identities.

“Having this level of access would enable a threat actor to access any compromised router,” SecurityScorecard said. “Our experience with the ORB network suggests that compromised devices will typically be used for covert operations and espionage, as opposed to the DDoS attacks and other types of overt malicious activities typically seen from botnets.”

The compromised routers are concentrated in Taiwan, with smaller clusters in South Korea, Japan, Hong Kong, Russia, Central Europe, and the United States.

Heat map of infected devices.

The Chinese government has been caught building large-scale ORB networks for years. In 2021, the French government warned national businesses and organizations that APT31 – one of China’s most active threat groups – was behind a large attack campaign that used hacked routers for reconnaissance. At least three similar China-run campaigns came to light last year.

Russian-state hackers have also been caught doing the same thing, although not as often. In 2018, Kremlin actors infected more than 500,000 small office and home routers with sophisticated malware tracked as VPNFilter. A Russian government group was also independently involved in an operation reported in one of the 2024 router hacks linked above.


