US, UK link new Cyclops Blink malware to Russian state hackers
February 2022
New malware dubbed Cyclops Blink has been linked to the Russian-backed Sandworm hacking group in a joint security advisory published today by US and UK cybersecurity and law enforcement agencies.
"The malware dubbed Cyclops Blink appears to be a replacement for the VPNFilter malware exposed in 2018, and its deployment could allow Sandworm to remotely access networks," the UK National Cyber Security Centre said today.
"Cyclops Blink is a malicious Linux ELF executable, compiled for the 32-bit PowerPC architecture. NCSC, FBI, CISA, NSA and industry analysis has associated it with a large-scale botnet targeting Small Office/Home Office network devices," the UK NCSC said in a malware analysis report also published today.
Cyclops Blink uses infected devices' legitimate firmware update channels to maintain access to compromised systems by injecting malicious code and repacking the modified firmware images.
"They have taken advantage of this weakness to enable them to maintain the persistence of Cyclops Blink throughout the legitimate firmware update process."
Additional information on Sandworm's Cyclops Blink malware, including indicators of compromise and YARA rules and signatures, is available at the end of NCSC's malware analysis report [PDF].