

Note: This article has been updated on March 17, 2022, 2:00 a.m. ET to include Asus’ security bulletin.

With additional insights from Philippe Z Lin

Cyclops Blink, an advanced modular botnet that is reportedly linked to the Sandworm or Voodoo Bear advanced persistent threat (APT) group, has recently been used to target WatchGuard Firebox devices according to an analysis performed by the UK’s National Cyber Security Centre (NCSC). We acquired a variant of the Cyclops Blink malware family that targets Asus routers. This report discusses the technical capabilities of this Cyclops Blink malware variant and includes a list of more than 150 current and historical command-and-control (C&C) servers of the Cyclops Blink botnet. This list aims to aid cybersecurity defenders in searching for affected devices in their networks and starting the remediation process. We have reached out to Asus regarding our investigation, and they have created a security bulletin that includes a security checklist to help prevent Cyclops Blink attacks, as well as a list of affected Asus products.

Our data also shows that although Cyclops Blink is a state-sponsored botnet, its C&C servers and bots affect WatchGuard Firebox and Asus devices that do not belong to critical organizations, or those that have an evident value on economic, political, or military espionage. Hence, we believe that it is possible that the Cyclops Blink botnet’s main purpose is to build an infrastructure for further attacks on high-value targets. Cyclops Blink has been around since at least June 2019, and a considerable number of its C&C servers and bots are active for up to about three years.

The Sandworm APT group has been attributed as creating both Cyclops Blink and the VPNFilter internet of things (IoT) botnet. VPNFilter, first discovered in 2018, targeted router and storage devices. It was also reported to have infected hundreds of thousands of devices. In 2021, Trend Micro published a technical analysis of VPNFilter, which includes a discussion of how the botnet continues to affect infected systems two years after its discovery.
