
China-linked threat campaign expands across multiple victims

Campaign
First reported
Last updated
Happening score: 49
2 unique sources, 2 articles

Summary


A China-linked operation called Operation WrtHug has compromised thousands of ASUS WRT routers worldwide, creating an espionage network with potential relay and staging value. The campaign abuses six legacy vulnerabilities to gain elevated privileges and persistence on end-of-life SOHO devices. Many infected routers share the same self-signed TLS certificate, and the victim set includes a heavy concentration in Taiwan. The overlap with AyySSHush suggests a broader, coordinated infrastructure effort.

Related Happenings

Unattributed operators campaign expands across multiple victims

Campaign
First: 19.11.2025 16:35 · Last: 19.11.2025 16:35 · Sources: 1

About this happening: The **Operation WrtHug** campaign is hijacking **ASUS WRT routers** worldwide by exploiting **six vulnerabilities** and abusing **AiCloud**, creating a large pool of compromised d...

ASUS WRT routers legacy AiCloud/OS injection flaws (multiple vulnerabilities)

Vulnerability
First: 19.11.2025 12:20 · Last: 19.11.2025 12:20 · Sources: 1

How related: The attacks likely exploit vulnerabilities tracked as CVE-2023-41345, CVE-2023-41346, CVE-2023-41347, CVE-2023-41348, CVE-2024-12912, and CVE-2025-2492 for proliferation.

About this happening: **ASUS WRT routers** and **ASUS AiCloud** are facing **active exploitation** of **six legacy vulnerabilities**, creating **elevated-privilege** and **persistence** risk for **end-...

Timeline

  1. 19.11.2025 12:20 · 2 articles

    Operation WrtHug compromises thousands of ASUS WRT routers

    Campaign Scope Update

    SecurityScorecard said Operation “WrtHug” is a China-linked campaign that has compromised thousands of ASUS WRT routers worldwide to support an espionage network, with up to 50% of victims located in Taiwan. STRIKE linked the compromise chain to ASUS AiCloud and OS injection vulnerabilities, including CVE-2023-41345, CVE-2023-41346, CVE-2023-41347, CVE-2023-41348, CVE-2024-12912, and CVE-2025-2492, and noted a shared self-signed TLS certificate with a 100-year expiration date, overlap with AyySSHush, and seven IPs showing signs of compromise across both operations.
