Threat Intelligence, Network Security, IoT

China-linked hackers hijack thousands of ASUS routers


Security Brief Asia reports that a widespread cyberespionage campaign, dubbed "Operation WrtHug," has compromised thousands of ASUS routers globally, with SecurityScorecard's STRIKE team attributing the activity to a China-linked threat actor.

The campaign has disproportionately targeted users in Taiwan, which accounts for nearly half of all infected devices, while notably avoiding mainland China. The operation exploits end-of-life ASUS router models that no longer receive security updates, leveraging known vulnerabilities in proprietary applications like AiCloud.

A key technical indicator of compromise is the presence of a unique, self-signed TLS certificate with an unusually long 100-year expiration date installed on the hijacked devices. Gilad F. Maizles, a SecurityScorecard researcher, described the operation as a "case study in how nation-state actors are embedding themselves in consumer infrastructure to build stealthy, resilient, global espionage networks."

The campaign's focus on consumer and small office/home office devices reflects a strategic shift by state-backed groups to use widely distributed, hard-to-trace infrastructure for relaying traffic and conducting stealthy operations.
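
The certificate indicator described above (self-signed, with a roughly 100-year validity window) can be hunted for in certificate metadata exported from a scan or asset inventory. The Python below is an added example, not code from SecurityScorecard or the original report; the record field names, the 99-year threshold and the sample hosts are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# Assumption: "100-year" means a validity window of at least 99 years.
MIN_SUSPECT_YEARS = 99
DAYS_PER_YEAR = 365.2425


def parse_ts(value):
    """Parse an ISO-8601 timestamp; naive values are treated as UTC."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def validity_years(cert):
    span = parse_ts(cert["not_after"]) - parse_ts(cert["not_before"])
    return span.days / DAYS_PER_YEAR


def is_self_signed(cert):
    # Name match only; a full check also verifies the signature itself.
    return cert["issuer"].strip().lower() == cert["subject"].strip().lower()


def flag_suspect_certs(records):
    """Return (host, validity_years) for self-signed, ~100-year certificates."""
    hits = []
    for rec in records:
        try:
            years = validity_years(rec)
            suspect = is_self_signed(rec) and years >= MIN_SUSPECT_YEARS
        except (KeyError, ValueError, AttributeError):
            continue  # incomplete or malformed record, cannot be evaluated
        if suspect:
            hits.append((rec["host"], round(years, 1)))
    return hits


# Constructed sample inventory; field names and hosts are hypothetical.
FIELDS = ("host", "subject", "issuer", "not_before", "not_after")
ROWS = [
    ("192.0.2.10", "CN=router", "CN=router", "2022-04-01T00:00:00Z", "2122-04-01T00:00:00Z"),
    ("192.0.2.11", "CN=nas", "CN=nas", "2020-01-01T00:00:00Z", "2030-01-01T00:00:00Z"),
    ("192.0.2.12", "CN=www.example", "CN=Example CA", "2025-01-01T00:00:00Z", "2026-01-01T00:00:00Z"),
    ("198.51.100.7", "CN=gw", "cn=GW", "2023-06-15T00:00:00", "2123-05-22T00:00:00"),
    ("198.51.100.8", "CN=cam", "CN=cam", "2021-01-01T00:00:00Z", "n/a"),
]
SAMPLE = [dict(zip(FIELDS, row)) for row in ROWS]
if __name__ == "__main__":
    print(flag_suspect_certs(SAMPLE))
```

A match is a lead for review rather than confirmation, since the article gives no fingerprint for the campaign's certificate.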
