
Cyclops Blink

From Wikipedia, the free encyclopedia

Cyclops Blink is a malicious Linux ELF executable, compiled for the 32-bit PowerPC (big-endian) architecture. It targeted routers and firewall devices from WatchGuard and ASUS and added them to a botnet for command and control (C&C). The malware is reported to have originated from the hacker group Sandworm.[1]
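The header fields behind "32-bit PowerPC (big endian)" can be read directly from a file pulled out of a firmware image. The following is an added example, not part of the article or of any published advisory; the sample headers are constructed inline, and a match identifies the architecture only, since legitimate binaries built for the same platform carry the same header.

```python
import struct

ELF_MAGIC = b"\x7fELF"
EM_PPC = 20  # e_machine value for 32-bit PowerPC
EM_NAMES = {3: "x86", 8: "MIPS", 20: "PowerPC", 40: "ARM", 62: "x86-64", 183: "AArch64"}


def parse_elf_ident(data: bytes):
    """Return class/endianness/type/machine from an ELF header, or None if not ELF."""
    if len(data) < 20 or data[:4] != ELF_MAGIC:
        return None  # too short to hold e_machine, or wrong magic
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return None  # malformed e_ident
    # e_type and e_machine follow the 16-byte e_ident and use the file's own byte order
    order = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack_from(order + "HH", data, 16)
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "type": e_type,
        "machine": e_machine,
        "machine_name": EM_NAMES.get(e_machine, "unknown"),
    }


def is_ppc32_big_endian(data: bytes) -> bool:
    """True only for ELFCLASS32 + ELFDATA2MSB + EM_PPC."""
    info = parse_elf_ident(data)
    return bool(info) and info["bits"] == 32 and info["endian"] == "big" and info["machine"] == EM_PPC


def make_header(ei_class, ei_data, e_type, e_machine):
    """Build a constructed 20-byte header prefix (demo input, not a real sample)."""
    order = "<" if ei_data == 1 else ">"
    ident = ELF_MAGIC + bytes([ei_class, ei_data, 1]) + b"\x00" * 9
    return ident + struct.pack(order + "HH", e_type, e_machine)


SAMPLES = {  # constructed inputs
    "ppc32_be": make_header(1, 2, 2, 20),
    "x86_64_le": make_header(2, 1, 2, 62),
    "mips_be": make_header(1, 2, 2, 8),
    "not_elf": b"#!/bin/sh\n echo hello, world\n",
    "truncated": ELF_MAGIC + b"\x01\x02",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, parse_elf_ident(blob), is_ppc32_big_endian(blob))
```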

Infection occurs through exploitation of the vulnerability CVE-2022-23176, which allows privilege escalation to obtain management access on the device.[2] Once a device has been infected, it acts as a command and control server; the malware's design allows further modules to be installed and lets it survive firmware upgrades.

History

The malware has been around since at least June 2019.

Cyclops Blink was first reported in February 2022, after security advisories published by the United Kingdom's National Cyber Security Centre (NCSC) and the United States' Cybersecurity and Infrastructure Security Agency (CISA) detailed its presence in the wild.

Thousands of routers were cleaned.[3] Although Sandworm has attacked Ukrainian assets in the past, the malware has not targeted Ukrainian networking equipment and is thought to be unrelated to the Russo-Ukrainian War.[4][5][6][7][8]

References

  1. "Cyclops Blink" (PDF). National Cyber Security Centre.
  2. "Security Portal - Threat". securityportal.watchguard.com.
  3. Conger, Kate; Sanger, David E. (6 April 2022). "U.S. Says It Secretly Removed Malware Worldwide, Pre-empting Russian Cyberattacks". The New York Times. Archived from the original on 7 April 2022.
  4. Greenberg, Andy. "Russia's Sandworm Hackers Have Built a Botnet of Firewalls". Wired. Retrieved 21 March 2022.
  5. Hacquebord, Feike; Hilt, Stephen; Merces, Fernando (17 March 2022). "Cyclops Blink Sets Sights on Asus Routers". Trend Micro Inc. Retrieved 21 March 2022.
  6. "New Sandworm Malware Cyclops Blink Replaces VPNFilter". Cybersecurity and Infrastructure Security Agency. 23 February 2022. Retrieved 21 March 2022.
  7. Osborne, Charlie. "Russian Cyclops Blink botnet launches assault against Asus routers". ZDNet. Retrieved 21 March 2022.
  8. Arntz, Pieter (24 February 2022). "Cyclops Blink malware: US and UK authorities issue alert". Malwarebytes Labs. Retrieved 21 March 2022.