Examples of such stories. Most are brand specific, but it highlights the ongoing activities.

>The campaign, which began escalating on July 30th, 2025, primarily targets Cisco Small Business RV series, Linksys LRT series, and Araknis Networks AN-300-RT-4L2W devices, indicating a coordinated botnet operation exploiting known vulnerabilities in these network appliances.
>The attack infrastructure demonstrates sophisticated command and control (C2) capabilities, with compromised devices being weaponized to conduct reconnaissance activities against potential targets.
https://cybersecuritynews.com/hacked-cisco-small-business-routers-raise/

>9,000 Asus routers compromised by botnet attack and persistent SSH backdoor that even firmware updates can't fix
https://www.tomshardware.com/tech-industry/cyber-security/9-000-asus-routers-compromised-by-botnet-attack-and-persistent-ssh-backdoor-that-even-firmware-updates-cant-fix

>Juniper Warns of Mirai Botnet Targeting Session Smart Routers
https://www.securityweek.com/juniper-warns-of-mirai-botnet-targeting-session-smart-routers/