From ASUS router backdoors affect 9K devices, persist after firmware updates:

 

 

The backdoor campaign targets multiple ASUS router models, with GreyNoise initially detecting attack attempts against their emulated ASUS RT-AC3200 and RT-AC3100 firmware profiles, both with “out-of-the-box” configuration settings.

 

The backdoor configuration in these attacks is stored in non-volatile random access memory (NVRAM) rather than the disk, making it resistant to removal via reboots or firmware upgrades.

 

“If a router was compromised before updating, the backdoor will still be present unless SSH access is explicitly reviewed and removed,” GreyNoise stated.  

 

GreyNoise recommends users perform a full factory reset and manual reconfiguration on any device suspected to be compromised. Users can check if their device was compromised by checking for SSH access on TCP/53282 and for unauthorized entries in the authorized_keys file.

 

 

Details and workarounds (including how to identify if compromised and how to remove the backdoor): GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers

 

Not a high risk of automated attacks, but seeing there are quite a few ASUS routers in New Zealand, I recommend you check if the backdoor is present on your device using instructions on that page, update to the latest firmware and factory reset it to ensure the backdoor is gone.