GreyNoise said it detected the campaign in mid-March and held off reporting on it until after the company notified unnamed government agencies. That detail further suggests that the threat actor may have some connection to a nation-state.
The company's researchers went on to say that the activity they observed was part of a larger campaign reported last week by fellow security company Sekoia. Researchers at Sekoia said that Internet scanning by network intelligence firm Censys suggested as many as 9,500 Asus routers may have been compromised by ViciousTrap, the name used to track the unknown threat actor.
The attackers are backdooring the devices by exploiting multiple vulnerabilities. One is CVE-2023-39780,
→ Continue reading at Ars Technica