Sandworm-linked botnet has another piece of hardware in its sights

Mar 17, 2022 | CYBERSCOOP

Botnet activity that drew loud warnings last month from U.S. and U.K. cybersecurity agencies has expanded to a second type of hardware, according to researchers at Trend Micro.

The CyclopsBlink malware is now targeting routers from hardware maker ASUS, the researchers said Thursday, after first being discovered on Firebox devices from WatchGuard. Both manufacturers have issued security bulletins to customers.

The U.K. National Cyber Security Centre and the U.S. Cybersecurity and Infrastructure Security Agency, National Security Agency and FBI linked the botnet to the state-backed Russian advanced persistent threat (APT) group known as Sandworm.

Although those attackers have been blamed in numerous major incidents, researchers so far have not tied CyclopsBlink to any high-profile targets. For now, the botnet seems to be oriented toward propagating itself, in part by turning compromised devices into command-and-control (C&C) servers for other bots, Trend Micro said.

“Our data also shows that although Cyclops Blink is a state-sponsored botnet, its C&C servers and bots affect WatchGuard Firebox and Asus devices that do not belong to critical organizations, or those that have an evident value on economic, political, or military espionage,” Trend Micro said. “Hence,
