Operation WrtHug, The Global Espionage Campaign Hiding in Your Home Router
ID: 6c1d5d57-81db-57d7-bd15-73e03bdb96f9
STIX ID: report--6c1d5d57-81db-57d7-bd15-73e03bdb96f9
Feed Name: SecurityScorecard Blog
SecurityScorecard’s STRIKE team reports on “Operation WrtHug,” a large-scale campaign that compromises ASUS WRT routers, mainly end-of-life models, through multiple known OS command-injection and authentication vulnerabilities (including CVE-2023-39780 and others) to build a global espionage network of infected devices (over 50,000 observed). A distinctive shared self-signed TLS certificate with a 100-year expiration serves as a tracking IOC. Researchers assess with low-to-moderate confidence that a China-affiliated actor is conducting an ORB-style operation, and they advise monitoring legacy devices and applying ASUS mitigations.
