ASUS has recently published a security advisory containing mitigation measures for the Russian-linked Cyclops Blink threat that has affected various of its router models.
Several researchers suspect that Cyclops Blink, a modular botnet, was created by Sandworm/Voodoo Bear, a Russian APT group. In order to accumulate information about high-value targets for further attacks, the botnet’s purpose is to build an infrastructure.
While apart from this, its modularity means its scope is constantly refreshed, and it can exploit a larger range of devices.
The U.K. and the U.S. intelligence agencies identify Cyclops Blink as a successor to VPNFilter, another malware that targets network devices like:-
Several multiple ASUS routers are targeted by the threat actors by exploiting the Cyclops Blink, and this malware allows the threat actors to read the flash memory to collect data about:-
Not only that, even upon receiving a command, the malware is told to nest in the flash memory, which is immutable even after the factory resets.
Since this malware has its root links with the elite hacking group, Sandworm, so, it’s likely possible that in the future, they could target the other router manufacturers as well.
Here below we have mentioned all the affected or vulnerable ASUS routers:-
This malware creates a rule in Netfilter for all the hard-coded TCP ports that are used to communicate with the C&C servers. And under this rule, there are four parameters, and here they are mentioned below:-
However, when all these parameters are initialized, through pipes, they send all the essential information to the Cyclops’ modules, and they contain the following type of data:-
ASUS and WatchGuard devices have been infected with the malware since June 2019 in the following:-
In Europe, hosts associated with a law firm, a mid-sized dental equipment manufacturer in Southern Europe, and a United States plumbing company were affected.
As a result of patches being infrequent and security software not being installed, the Internet of Things devices and routers are becoming lucrative targets for the threat actors.
Due to these vulnerable factors, Trend Micro has warned that this could lead to the formation of “everlasting botnets.”
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
Claude AI, developed by Anthropic, has been exploited by malicious actors in a range of…
As Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting U.S.…
Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the notorious…
MintsLoader, a malicious loader first observed in 2024, has emerged as a formidable tool in…
Cybercriminals are intensifying their efforts to undermine multi-factor authentication (MFA) through adversary-in-the-middle (AiTM) attacks, leveraging…
A recent investigation by the FortiGuard Incident Response (FGIR) team has uncovered a sophisticated, long-term…