Select Page

ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks.

According to a new report published by Trend Micro, the botnet’s “main purpose is to build an infrastructure for further attacks on high-value targets,” given that none of the infected hosts “belong to critical organizations, or those that have an evident value on economic, political, or military espionage.”

Intelligence agencies from the U.K. and the U.S. have characterized Cyclops Blink as a replacement framework for VPNFilter, another malware that has exploited network devices, primarily small office/home office (SOHO) routers, and network-attached storage (NAS) devices.

Both VPNFilter and Cyclops Blink have been attributed to a Russian state-sponsored actor tracked as Sandworm (aka Voodoo Bear), which has also been linked to a number of high-profile intrusions, including that of the 2015 and 2016 attacks on the Ukrainian electrical grid, the 2017 NotPetya attack, and the 2018 Olympic Destroyer attack on the Winter Olympic Games.

Written in the C language, the advanced modular botnet affects a number of ASUS router models, with the company acknowledging that it’s working on an update to address any potential exploitation –

images from Hacker News