Russian Cyclops Blink botnet launches assault against Asus routers

blackice

Level 36
Thread author
Verified
Top poster
Well-known
Apr 1, 2019
2,566

The Cyclops Blink botnet is now targeting Asus routers in a new wave of cyberattacks.

Cyclops Blink, a modular botnet, is suspected of being the creation of Sandworm/Voodoo Bear, a Russian advanced persistent threat (APT) group.
Several weeks ago, the UK National Cyber Security Centre (NCSC) and the United States' Cybersecurity and Infrastructure Security Agency (CISA), alongside the NSA and FBI, warned of the botnet's existence.

According to the agencies, the APT is supported by the Russian General Staff Main Intelligence Directorate (GRU) and has been linked to the use of BlackEnergy malware against Ukraine's electricity grid, Industroyer, NotPetya, and cyberattacks against Georgia.


"Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office (SOHO) routers and network-attached storage (NAS) devices," the agencies warned.

This week, cybersecurity researchers from Trend Micro said that while the malware is "state-sponsored", it does not appear to be inactive use against targets that would have Russia's state interests at heart.

The botnet is vast, and over 150 past and current command-and-control (C2) server addresses have been traced so far that they belong to the network.

"If it is suspected that an organization's devices have been infected with Cyclops Blink, it is best to get a new router," Trend Micro added. "Performing a factory reset might blank out an organization's configuration, but not the underlying operating system that the attackers have modified."

The affected product list is below:

  • GT-AC5300 firmware under 3.0.0.4.386.xxxx
  • GT-AC2900 firmware under 3.0.0.4.386.xxxx
  • RT-AC5300 firmware under 3.0.0.4.386.xxxx
  • RT-AC88U firmware under 3.0.0.4.386.xxxx
  • RT-AC3100 firmware under 3.0.0.4.386.xxxx
  • RT-AC86U firmware under 3.0.0.4.386.xxxx
  • RT-AC68U, AC68R, AC68W, AC68P firmware under 3.0.0.4.386.xxxx
  • RT-AC66U_B1 firmware under 3.0.0.4.386.xxxx
  • RT-AC3200 firmware under 3.0.0.4.386.xxxx
  • RT-AC2900 firmware under 3.0.0.4.386.xxxx
  • RT-AC1900P, RT-AC1900P firmware under 3.0.0.4.386.xxxx
  • RT-AC87U (EOL)
  • RT-AC66U (EOL)
  • RT-AC56U (EOL)