Russian Cyclops Blink botnet launches assault against Asus routers

Summary:

Cyclops Blink, a modular botnet, is suspected of being the creation of Sandworm/Voodoo Bear, a Russian advanced persistent threat (APT) group. While robust passwords help you secure your valuable online accounts, hardware-based, two-factor authentication takes that security to the next level. Several weeks ago, the UK National Cyber Security Centre (NCSC) and the United States' Cybersecurity and Infrastructure Security Agency (CISA), alongside the NSA and FBI, warned of the botnet's existence. According to the agencies, the APT is supported by the Russian General Staff Main Intelligence Directorate (GRU) and has been linked to the use of BlackEnergy malware against Ukraine's electricity grid, Industroyer, NotPetya, and cyberattacks against Georgia. "Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office (SOHO) routers and network-attached storage (NAS) devices," the agencies warned. The botnet is vast, and over 150 past and current command-and-control (C2) server addresses have been traced so far that they belong to the network. (Source: ZDNet)

Additional Discussion:

Link:

• https://www.asus.com/content/ASUS-Product-Security-Advisory/
• https://www.zdnet.com/article/cyclops-blink-botnet-launches-assault-against-asus-routers/