Sandworm APT Hunts for ASUS Routers with Cyclops Blink Botnet
2022-03-18 17:17

The modular botnet known as Cyclops Blink, linked to the same advanced persistent threat behind the NotPetya wiper attacks, is expanding its device targeting to include ASUS routers.

"Our investigation shows that there are more than 200 Cyclops Blink victims around the world. Typical countries of infected WatchGuard devices and ASUS routers are the United States, India, Italy, Canada, and a long list of other countries, including Russia."

Cyclops Blink is the handiwork of the Russian-speaking Sandworm APT, according to Trend Micro. The same group has been linked to a host of very high-profile state-sponsored attacks, as well as the VPNFilter internet-of-things botnet.

Sandworm's previous botnet, VPNFilter, targeted a wide range of router vendors, including ASUS, D-Link, Huawei, Linksys, MikroTik, Netgear, QNAP, TP-Link, Ubiquiti, UPVEL and ZDE. "We have evidence that other routers are affected too, but as of reporting, we were not able to collect Cyclops Blink malware samples for routers other than WatchGuard and ASUS," according to the analysis.

Organizations can protect themselves from Cyclops Blink attacks by falling back on basic security hygiene, Trend Micro noted, including strong passwords, use of a virtual private network, regular firmware patching and so on.

"Performing a factory reset might blank out an organization's configuration, but not the underlying operating system that the attackers have modified. If a particular vendor has firmware updates that can address a Cyclops Blink attack or any other weakness in the system, organizations should apply these as soon as possible. However, in some cases, a device might be an end-of-life product and will no longer receive updates from its vendor. In such cases, an average user would not have the ability to fix a Cyclops Blink infection."


News URL

https://threatpost.com/sandworm-asus-routers-cyclops-blink-botnet/178986/

Related vendor

| VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|--------|------------|-----|--------|------|----------|-------------|
| Asus   | 438        | 1   | 80     | 104  | 35       | 220         |