New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers
ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks.
Intelligence agencies from the U.K. and the U.S. have characterized Cyclops Blink as a replacement framework for VPNFilter, another malware that has exploited network devices, primarily small office/home office routers, and network-attached storage devices.
Both VPNFilter and Cyclops Blink have been attributed to a Russian state-sponsored actor tracked as Sandworm, which has also been linked to a number of high-profile intrusions, including the 2015 and 2016 attacks on the Ukrainian electrical grid, the 2017 NotPetya attack, and the 2018 Olympic Destroyer attack on the Winter Olympic Games.
RT-AC66U B1 firmware under 3.0.0.4.386.xxxx.
RT-AC1900P, RT-AC1900P firmware under 3.0.0.4.386.xxxx.
A second reconnaissance module serves as a channel for exfiltrating information from the hacked device back to the C2 server, while a file download component takes charge of retrieving arbitrary payloads, optionally via HTTPS. Since June 2019, the malware is said to have impacted WatchGuard devices and ASUS routers located in the U.S., India, Italy, Canada, and Russia.
News URL
https://thehackernews.com/2022/03/new-variant-of-russian-cyclops-blink.html