Researchers from SecurityScorecard reported a major cyber attack, as a result of which about 50 thousand outdated Asus WRT series routers were attacked. According to them, the activity called Operation WrtHug may be related to Chinese hacker groups.
The attack only targets devices that are no longer receiving security updates. Attackers are using several known vulnerabilities at the same time, including four critical bugs from 2023 and new vulnerabilities from 2024 and 2025. All of them allow you to remotely execute commands on the device.
Most of the infected routers are located in Taiwan and Southeast Asian countries. In mainland China, the United States, Europe and Russia, the number of infections is significantly lower.
Previously, a similar campaign called AyySSHush affected more than 8 thousand Asus routers. Despite similar methods, there is virtually no overlap between the two attacks. Experts believe this could be a developing campaign or two different operations by the same operator, but there is still no solid evidence.
