US, UK link new Cyclops Blink malware to Russian state hackers (Security News, February 2022)
New malware dubbed Cyclops Blink has been linked to the Russian-backed Sandworm hacking group in a joint security advisory published today by US and UK cybersecurity and law enforcement agencies.
"The malware dubbed Cyclops Blink appears to be a replacement for the VPNFilter malware exposed in 2018, and its deployment could allow Sandworm to remotely access networks," the UK National Cyber Security Centre said today.
"Cyclops Blink is a malicious Linux ELF executable, compiled for the 32-bit PowerPC architecture. NCSC, FBI, CISA, NSA and industry analysis has associated it with a large-scale botnet targeting Small Office/Home Office network devices," the UK NCSC said in a malware analysis report also published today.
Cyclops Blink uses infected devices' legitimate firmware update channels to maintain access to compromised systems by injecting malicious code and repacking the modified firmware images.
"They have taken advantage of this weakness to enable them to maintain the persistence of Cyclops Blink throughout the legitimate firmware update process."
Additional information on Sandworm's Cyclops Blink malware, including indicators of compromise, YARA rules and signatures, is available at the end of NCSC's malware analysis report [PDF].