According to US authorities, the Cyclops Blink botnet was controlled by the Russian Federation’s Main Intelligence Directorate (GRU) and had compromised thousands of devices worldwide.
A court-authorized operation against a Russian-controlled botnet infecting hardware devices with Cyclops Blink malware was launched in March 2022 after its detection in February 2022.
The UK and US authorities tracked its operators as the infamous Sandworm group, supposedly affiliated with the Russian GRU’s Main Center for Special Technologies. This group was previously linked to several destructive attacks, such as the NotPetya attack in 2017 and the BlackEnergy campaign in 2015, where Ukraine’s power plants were targeted.
What is Cyclops Blink?
Cyclops Blink is a modular malware believed to be the successor of the VPNFilter botnet. The malware infects internet-connected devices through malicious firmware updates. It currently targets ASUS and WatchGuard devices. Cyclops Blink maintains persistence via the legitimate device firmware update process, and it is directly linked to APT groups affiliated with the Russian government.
WatchGuard and ASUS Devices Targeted by Cyclops Blink
In partnership with WatchGuard, the FBI took down a massive botnet of hardware devices. The malware, which had been targeting firewall appliances and SOHO networking devices, was removed. It is worth