The USA and the UK have linked the Cyclops Blink malware to the Sandworm group


Law enforcement officials in the United States and the United Kingdom have linked a new malware called Cyclops Blink to the Russian hacker group Sandworm.

The malware was used in attacks on WatchGuard Firebox network security devices and other small office/home office (SOHO) network devices.

“The malware, dubbed Cyclops Blink, appears to be a replacement for the VPNFilter malware discovered in 2018, and its deployment could allow Sandworm to gain remote access to networks. As in the case of VPNFilter, the deployment of Cyclops Blink also seems to be indiscriminate and widespread,” representatives of the UK National Cyber Security Centre (NCSC) said.

According to WatchGuard representatives, Cyclops Blink could affect about 1% of all active WatchGuard firewall devices used by business customers.

According to an analysis by the NCSC, FBI, CISA and NSA, the malware also comes with modules specifically designed to upload/download files to and from the command server, steal device information, and update the malware. The malware uses the legitimate firmware update channels of infected devices to maintain access to compromised systems by introducing malicious code and deploying repackaged firmware images.

WatchGuard is working closely with the FBI, CISA and NCSC and has provided tools and recommendations for detecting and removing Cyclops Blink on WatchGuard devices using a “non-standard” update process.
