More than 9,000 ASUS routers have been hacked in a months-long cyber campaign that may be part of a plan to build a botnet, researchers say.

Hackers gained access by exploiting a known flaw, tracked as CVE-2023-39780, along with brute-force login attempts. Once inside, they could run system commands and keep control of the router, even after reboots or firmware updates.

ASUS has released a fix, but any routers that were infected before the update may still have backdoors unless certain settings, like SSH access, are turned off.

Cybersecurity firm GreyNoise first spotted the activity in March. It delayed going public while working with government officials and partners to address the issue.

Another report links the attack to a group called ViciousTrap, which has targeted thousands of devices from other brands, too, including Cisco. Cisco has not issued a fix but has provided instructions to reduce the risk.

Experts warn the goal could be to create a network of hacked devices that attackers can control remotely: “This appears to be part of a stealth operation to assemble a distributed network of backdoor devices — potentially laying the groundwork for a future botnet,” wrote GreyNoise.