Cyclops Blink malware sets up shop in ASUS routers
2022-03-18 19:02

Cyclops Blink malware has infected ASUS routers in what Trend Micro threat researchers say looks like an attempt to turn infected devices into command-and-control servers for future attacks.

ASUS says it's working on a remediation for Cyclops Blink and will post software updates as they become available.

The new modular botnet has ties to Kremlin-backed Sandworm, the criminal group behind the nasty VPNFilter malware in 2018 that targeted routers and storage devices, as well as several high-profile attacks including the 2015 and 2016 attacks on Ukraine's electrical grid, NotPetya in 2017 and the French presidential campaign email leak that same year.

"Our data also shows that although Cyclops Blink is a state-sponsored botnet, its C&C servers and bots affect WatchGuard Firebox and Asus devices that do not belong to critical organizations, or those that have an evident value on economic, political, or military espionage," Trend Micro said.

"Hence, we believe that it is possible that the Cyclops Blink botnet's main purpose is to build an infrastructure for further attacks on high-value targets."

While Cyclops Blink has infected routers from these two hardware providers, "We have evidence that the routers of at least one vendor other than Asus and WatchGuard are connecting to Cyclops Blink C&Cs as well, but so far we have been unable to collect malware samples for this router brand," the security shop said.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/18/cyclops_asus_routers/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Asus 553 19 116 94 33 262