Russian Sandworm Hackers Resurfaced
Cyclops Blink is the newest malware attributed to the Sandworm hacking group, a Russian state-backed actor linked to Vladimir Putin's government. The recently discovered malware, dubbed Cyclops Blink, was disclosed in joint security advisories published by cyber security agencies in the United States and the United Kingdom.
Tracked by agencies in both countries, the Sandworm hackers have been building botnets since at least June 2019. The group has been linked to attacks on the network devices of small establishments, as well as on WatchGuard Firebox appliances.
Dark Web Hackers Target SOHO
In 2019, the malware was linked to several cybersecurity breaches targeting Small Office/Home Office (SOHO) networks, which were compromised by dark web hacking groups.
Analysts at the UK National Cyber Security Centre reported that Cyclops Blink is the successor to the now defunct VPNFilter malware of 2018, which was used to gain remote access to private data networks.
As reported, VPNFilter and Cyclops Blink use the same indiscriminate deployment, which lets the malware spread quickly to targeted individuals or institutions. So far, the hackers' primary target is WatchGuard devices, but the malware could be adapted to other architectures and firmware.
However, WatchGuard's advisory stated that the Cyclops Blink malware affects only a very small percentage of the firewall devices used by its business clients.
WatchGuard Firmware Updates
Cyber security reports revealed that the NCSC, FBI, CISA, and NSA have analyzed the Russian hackers' malware. The analysis confirmed that Cyclops Blink was built with modules that upload and download files through a command-and-control server, collect device information, and update the malware itself.
Cyclops Blink persists by abusing the infected devices' firmware update channel: malicious code is injected into the device's firmware image, and the modified image is redeployed, so the implant survives on the compromised system.
WatchGuard has informed its clients on how to remove the persistent malware from their devices. The company has provided tooling and a guidance advisory to help detect and remove Cyclops Blink from compromised WatchGuard devices.
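Because the implant survives by redeploying a modified firmware image, the basic defensive check is to compare the image actually present on a device against the vendor's known-good hash for the version the device claims to run. The following Python is an added example, not WatchGuard's tooling and not code from the advisories; the firmware bytes, version names and the resulting hashes are all constructed here, and the verify_firmware and audit_device function names are this example's own.

```python
import hashlib
import hmac
from typing import Dict

# Constructed stand-ins for vendor-published firmware images (not real images).
KNOWN_GOOD_IMAGES: Dict[str, bytes] = {
    "fw-12.7.2": b"\x7fELF" + b"vendor firmware build 12.7.2 " + bytes(range(64)),
    "fw-12.8.0": b"\x7fELF" + b"vendor firmware build 12.8.0 " + bytes(range(64, 128)),
}


def sha256_hex(data: bytes) -> str:
    """SHA-256 of a firmware image, hex encoded."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(images: Dict[str, bytes]) -> Dict[str, str]:
    """Version -> known-good hash, the kind of list a vendor publishes alongside releases."""
    return {version: sha256_hex(blob) for version, blob in images.items()}


def verify_firmware(image: bytes, claimed_version: str, manifest: Dict[str, str]) -> str:
    """Classify an on-device image against the manifest.

    Returns one of:
      "trusted"          - hash matches the published hash for the claimed version
      "modified"         - the version is known but the bytes differ (strong tamper signal,
                           exactly what a redeployed, injected image looks like)
      "unknown-version"  - the device reports a version the vendor never published
    """
    expected = manifest.get(claimed_version)
    if expected is None:
        return "unknown-version"
    actual = sha256_hex(image)
    # Constant-time comparison; cheap insurance when this runs against attacker-controlled data.
    if not hmac.compare_digest(expected, actual):
        return "modified"
    return "trusted"


def audit_device(device_id: str, image: bytes, claimed_version: str, manifest: Dict[str, str]) -> dict:
    """One record per device, suitable for feeding into a SIEM or ticketing system."""
    status = verify_firmware(image, claimed_version, manifest)
    return {
        "device": device_id,
        "claimed_version": claimed_version,
        "sha256": sha256_hex(image),
        "status": status,
        # Only a clean match is safe; anything else is a re-image-and-investigate case.
        "action": "none" if status == "trusted" else "reimage-from-vendor-and-investigate",
    }


if __name__ == "__main__":
    manifest = build_manifest(KNOWN_GOOD_IMAGES)
    # Constructed tampered image: the legitimate 12.7.2 build with extra bytes appended,
    # mimicking an image that has had foreign code injected before redeployment.
    tampered = KNOWN_GOOD_IMAGES["fw-12.7.2"] + b"<injected-module>"
    for dev, img, ver in [
        ("fbx-01", KNOWN_GOOD_IMAGES["fw-12.7.2"], "fw-12.7.2"),
        ("fbx-02", tampered, "fw-12.7.2"),
        ("fbx-03", KNOWN_GOOD_IMAGES["fw-12.8.0"], "fw-13.0.0"),
    ]:
        print(audit_device(dev, img, ver, manifest))
```

The "modified" outcome is the one that matters for this malware: the device still reports a legitimate version string, but the bytes on flash no longer match what the vendor shipped. A check like this is only as good as the manifest, so the known-good hashes must come from the vendor over an authenticated channel rather than from the device being audited.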