New Delhi: Cyclops Blink which has been identified as a notorious Russian state-sponsored botnet linked to the Sandworm or Voodoo Bear advanced persistent threat (APT) group is now targetting Asus home Wi-Fi routers, according to Japanese antivirus company Trend Micro. The Russian botnet has been lurking around since at least 2019 and has been linked to the 2015 attack against Ukraine's power grid as well as disruptions in the Republic of Georgia and at the 2018 Olympics. Infected devices have been detected in India, the US, Italy, Canada, and even Russia.
"Cyclops Blink, an advanced modular botnet that is reportedly linked to the Sandworm or Voodoo Bear APT group, has recently been used to target WatchGuard Firebox devices according to an analysis performed by the UK’s National Cyber Security Centre (NCSC). We acquired a variant of the Cyclops Blink malware family that targets Asus routers," Trend Micro recently said in a statement.
"This report discusses the technical capabilities of this Cyclops Blink malware variant and includes a list of more than 150 current and historical command-and-control (C&C) servers of the Cyclops Blink botnet. Our data also shows that although Cyclops Blink is a state-sponsored botnet, its C&C servers and bots affect WatchGuard Firebox and Asus devices that do not belong to critical organisations or those that have an evident value on economic, political, or military espionage," the antivirus firm added.
The security researchers at the Japanese antivirus firm mentioned that it is likely that the Cyclops Blink botnet’s main purpose is to build an infrastructure for further attacks on high-value targets and not harming right now. The Cyclops Blink malware was first spotted in February infecting Firebox small-business network-security appliances made by WatchGuard.
Meanwhile, Asus was made aware of the attacks and had earlier said in a statement on its Product Security Advisory page that the company is also looking into Cyclops Blink and taking remediation measures.