TL;DR: A campaign that hijacked tens of thousands of ASUS routers through multiple vulnerabilities drew global attention to supply chain cyber risk, router exploitation, and third-party exposure, according to SecurityScorecard’s November 2025 STRIKE Threat Intelligence research into Operation WrtHug. The pattern shows how unmanaged edge devices can become durable footholds when governance does not extend to externalised infrastructure and upstream dependencies.
NHIMG editorial — based on content published by SecurityScorecard: November 2025 press coverage on Operation WrtHug, supply chain cyber risk, and related commentary
By the numbers:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities.
Questions worth separating out
Q: What breaks when routers used for remote access are compromised?
A: When a router that carries remote access traffic is compromised, the enterprise can lose trust in the path that authenticates, routes, or observes those sessions.
Q: Why do end-of-life devices increase third-party cyber risk?
A: End-of-life devices increase third-party cyber risk because they often remain in service after patch support ends, leaving organisations dependent on hardware that can no longer be reliably fixed or monitored.
Q: How can security teams tell whether edge-device governance is working?
A: Edge-device governance is working when unsupported devices are retired quickly, externally exposed management interfaces are rare, and every router or gateway has an owner, lifecycle state, and patch status.
Practitioner guidance
- Map edge-device trust dependencies Identify routers, gateways, and similar devices that sit on user, branch, or supplier paths, then document which identity and application flows depend on them.
- Retire or isolate end-of-life hardware Remove unsupported devices from any environment where they can mediate enterprise traffic or admin access.
- Validate session integrity after perimeter compromise After router exposure, review whether VPN, SSO, DNS, and privileged administrative sessions traversed the affected network path.
What's in the full article
SecurityScorecard's full coverage leaves the operational detail for the source:
- Global press roundup showing how different regions framed the same router-hijack campaign and what that means for threat visibility.
- STRIKE Threat Intelligence context on Operation WrtHug, including the scale of ASUS device exposure and the vulnerability chain behind it.
- Supplier and edge-device risk implications that sit beyond the headlines and matter for third-party governance.
- Commentary on holiday shopping scams and breach reporting that extends the article beyond the router case itself.
👉 Read SecurityScorecard's coverage of Operation WrtHug and supply chain cyber risk →
Operation WrtHug and router hijacking: what IAM teams should notice?
Explore further
Third-party risk now includes the network edge, not just the supplier contract. Operation WrtHug shows why organisations that limit third-party risk to software vendors or SaaS access are missing a major exposure class. Routers, gateways, and other edge devices can become untrusted intermediaries even when the rest of the environment is well controlled. Practitioners should treat edge infrastructure as part of the trust perimeter.
A question worth separating out:
Q: Who is accountable when a compromised router affects enterprise access?
A: Accountability usually spans infrastructure, network operations, third-party risk, and security leadership, because the failure crosses asset lifecycle, patch governance, and access assurance. Where the router supported regulated or sensitive access, the organisation must also document how the exposure was discovered, contained, and remediated. The key is to assign ownership before compromise, not after.
👉 Read our full editorial: Operation WrtHug shows how router compromise scales third-party risk