At least 6,000 ASUS routers have reportedly been breached for over 72 hours earlier this March, according to telecommunications analyst Lumen Technologies.
The report indicates that the attack was part of a much bigger cybercrime campaign targeting end-of-life routers and smart devices for several years now.
The supposed hackers, Faceless, were able to infiltrate small home and office networks by injecting vulnerable devices with "TheMoon" malware and disguising it as a redundant file.
Once secretly installed, cybercriminals can easily spy on people's internet activity and steal their IP address, private information, and other personal data.
The exploit's threat level is considered to be high-risk with the increase of cyberattacks bypassing security measures by accessing the victims' Wi-Fi networks.
Lumen estimates that "TheMoon" malware was able to affect more than 40,000 routers and smart devices across 88 countries from January to February 2024 alone.
Cybercriminals, Hackers Increase Use of AI Tools
As it was with other major cyberattacks in recent times, Lumen's report indicates an increasing sophistication in data breach operations thanks to the integration of AI tools on the attacks.
According to the report, the group was able to spread the malware across multiple countries by enabling the help of bots.
Lumen claimed 7,000 new bots are being created daily to further widen Faceless' net of attack.
Microsoft, in collaboration with OpenAI, has already noted the increasing familiarity of hackers, particularly state-sponsored cybercriminals, in chatbots and other deep learning machines for their attacks.
"TheMoon" malware itself has been detected since 2014, supposedly making it much easier to defend in this time and age, and has notably improved through AI modifications.
How to Protect Personal Routers, Devices from Hackers
The best way to avoid falling victim to the ongoing exploit is to upgrade both routers and smart devices.
Lumen noted a clear pattern in Faceless' attacks, only targeting devices that are near their end-of-life cycle where they only receive minimal security updates and have far more vulnerabilities than newer ones.
Another way to secure private data is to use two-way authentication security systems and password-less protections to prevent being deceived easily.
Related Article : Tech Companies Move Toward Password-Less Security Systems, Survey Says