Cyclops Blink botnet by Russian hackers attacks Asus routers worldwide

Android malware

We are approaching a full month since Russia invaded Ukraine. The war is also taking place online, and the web of Russian state-sponsored hackers is growing by the day. Whether they're trying to break into systems for classified data or worse, the cyber front is active and the targets are many. A recent report by cybersecurity software company Trend Micro on the activities of the Russian botnet, ominously named Cyclops Blink, is just the most recent example.

According to Trend Micro, Cyclops Blink, described as a "state-sponsored botnet," has been active since at least 2019 and is associated with a group CISA has dubbed the Sandworm or Voodoo Bear. According to CISA, the group has been linked to an attack on Ukraine's power grid in 2015, as well as disruptions in the Republic of Georgia and at the 2018 Olympics. With Cyclops Blink, Voodoo Bear appears to be targeting a range of Asus routers, as well as devices from WatchGuard, the maker of Firebox network security hardware. However, according to Trend Micro, the botnet does not target "critical organizations or those that have obvious value for commercial, political, or military espionage."

The report goes on to say that the security researchers "think it's possible that the main purpose of the Cyclops Blink botnet is to build an infrastructure for further attacks on high-level targets." Basically, Cyclops Blink was designed to infect routers and using them either to steal information or as a springboard for attacks on other targets. Asus routers without particular military or political connections are more vulnerable to attack due to infrequent patches and little to no security. Hackers then use this device to set up remote access points for command and control servers. The seemingly indiscriminate takeovers of devices that have no clear intelligence value could indicate a much larger attack is planned in the future. According to Trend Micro, there is also the uncanny possibility of "perpetual botnets," meaning machines that are constantly connected to each other.

Asus was made aware of the attacks and on March 17 stated on its Product Security Advisory page that the company is also investigating Cyclops Blink and is taking remedial action. Asus provided a security checklist that router owners can follow to improve their protection, as well as a list of all affected devices. Cyclops Blink is so insidious that Trend Micro advises anyone who suspects an infection to simply get a new router—even a factory reset won't fix the problem.

Trend Micro

The post Russian Hackers' Cyclops Blink Botnet Attacks Asus Routers Worldwide appeared first on xiaomist's blog .


Popular posts from this blog

What is VoLTE and how can you activate it on your Xiaomi

So you can check the battery status of your Xiaomi smartphone and how many cycles you have performed

How to exit the FASTBOOT mode of your Xiaomi if you have entered accidentally

Does your Xiaomi charge slowly or intermittently? So you can fix it

Problems with Android Auto and your Xiaomi? So you can fix it

If your Xiaomi disconnects only from the WiFi it may be because of that MIUI setting

How to change the font in MIUI and thus further customize your Xiaomi: so you can change the type, color and size of the letters of MIUI

What is the Safe Mode of your Xiaomi, what is it for and how can you activate it

Improve and amplify the volume of your Xiaomi and / or headphones with these simple adjustments

How to activate the second space if your Xiaomi does not have this option