8 April 2022

FBI disrupts massive Sandworm-linked Cyclops Blink botnet that targeted WatchGuard, Asus devices

The US authorities have taken action against a global botnet known as ‘Cyclops Blink’, composed of thousands of infected network hardware devices worldwide, which was allegedly controlled by the Sandworm advanced persistent threat (APT) group, believed to be a unit of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU).

As part of the operation, conducted in March 2022, the FBI copied and then removed the Cyclops Blink malware from vulnerable internet-connected firewall devices that Sandworm used as command-and-control (C2) infrastructure for the underlying botnet.

The Cyclops Blink malware has been circulating since June 2019 and appears to be a successor of another Sandworm botnet, VPNFilter, which was dismantled in 2018.

Cyclops Blink specifically targets WatchGuard firewall appliances and Asus routers. Both WatchGuard and Asus have released security advisories with steps to detect and remediate the infection.

“However, WatchGuard and ASUS devices that acted as bots may remain vulnerable to Sandworm if device owners do not take the WatchGuard and ASUS recommended detection and remediation steps. The department strongly encourages network defenders and device owners to review the Feb. 23 advisory and WatchGuard and ASUS releases,” the US Department of Justice warned in a press release.

“The operation announced today leveraged direct communications with the Sandworm malware on the identified C2 devices and, other than collecting the underlying C2 devices’ serial numbers through an automated script and copying the C2 malware, it did not search for or collect other information from the relevant victim networks. Further, the operation did not involve any FBI communications with bot devices,” the agency added.

Cybersecurity Help statement on the critical situation in Ukraine

On February 24, people in many cities and towns across Ukraine woke up to the sounds of explosions and artillery fire, as the Russian Federation launched a full-scale invasion of the country. Such actions are unacceptable; the political ambitions of any man aren’t worth the blood, tears, and destruction of millions of lives. We give our full support to the Ukrainian people in these hard times. No more war! Слава Україні!
