Operation WrtHug Exposed: The Router Hack You Need to Know
ID: 3cd2298d-ee36-5efe-8ee5-793c747fe7e8
STIX ID: report--3cd2298d-ee36-5efe-8ee5-793c747fe7e8
Feed Name: SecurityScorecard Blog
SecurityScorecard’s STRIKE team exposed Operation WrtHug, a suspected China-nexus espionage campaign that infiltrated thousands of ASUS WRT routers—largely end-of-life and unpatched—by chaining publicly known vulnerabilities (including CVE-2023-39780) to create a stealthy global network of Operational Relay Boxes (ORBs). The report highlights a distinctive IOC (identical self-signed TLS certificates with a 100-year expiry), maps the operation’s scale and TTPs, and recommends patching, retiring EoL devices, disabling unused services (e.g., AiCloud), and inspecting logs and home network posture to mitigate the threat.