A widespread campaign attributed to a threat actor dubbed WrtHug has successfully hijacked tens of thousands of ASUS routers across the globe. The attack specifically targets devices that have reached their End-of-Life (EoL) status, meaning they no longer receive security updates from the manufacturer.

The operation leverages a combination of six known security vulnerabilities present in the ASUSWRT firmware that powers the affected router models. By exploiting these flaws, WrtHug gains control over the vulnerable internet-facing devices.

Attack Methodology and Exploited Flaws

The WrtHug campaign is distinguished by its method of chaining six distinct vulnerabilities to achieve its objective. This multi-pronged approach allows the attackers to compromise a wide range of unpatched ASUS routers. The targeted devices are all running older versions of the ASUSWRT firmware where these security holes have not been patched. The primary targets are routers that are no longer supported by ASUS, leaving them permanently exposed to such attacks without any available recourse for official security fixes.

Global Impact on End-of-Life Hardware

The scale of the campaign is global, with reports indicating that tens of thousands of routers have been compromised worldwide. The focus on EoL hardware highlights a significant risk in the consumer networking space. Once a manufacturer ceases support for a device, it stops receiving firmware updates that patch security vulnerabilities. The WrtHug campaign demonstrates how threat actors actively seek out and exploit these legacy devices, which often remain in operation on networks for years after their official support period has ended.