Russia-linked Sandworm reportedly has retooled with 'Cyclops Blink'

Written by
Feb 23, 2022 | CYBERSCOOP

A long-running hacking group associated with Russian intelligence has developed a new set of tools to replace malware that was disrupted in 2018, according to an alert Wednesday from the U.S. and U.K. cybersecurity and law enforcement agencies.

The advanced persistent threat group, known primarily as Sandworm, is now using a “large-scale modular malware framework” that the agencies call Cyclops Blink. Western governments have blamed Sandworm for major incidents such as the disruption of Ukraine’s electricity grid in 2015, the the NotPetya attacks in 2017 and breaches of the Winter Olympics in 2018.

Cyclops Blink has largely replaced the VPNFilter malware in Sandworm’s activities since at least June 2019, said the joint alert from the U.K.’s National Cyber Security Centre (NCSC), and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, National Security Agency and FBI in the U.S. The NCSC also issued a separate analysis paper on Cyclops Blink.

The announcement arrives as one of Sandworm’s primary targets, Ukraine, faces a Russian invasion force within its borders. With that threat as a backdrop, U.S. and U.K. agencies hurried last week to attribute DDoS incidents against banking and government websites

Read More: