"Cyclops Blink Malware Expands to Target Asus"

Security researchers at Trend Micro are warning that the Russian state operatives behind a sophisticated malware campaign are broadening their targets to include Asus and other router manufacturers. The researchers stated that there are currently 200 victims of the Cyclops Blink malware worldwide. While the malware initially targeted WatchGuard appliances, there is now evidence that the campaign is expanding in a bid to build a botnet capable of further attacks. The researchers draw that conclusion because the targets themselves do not seem to offer any geopolitical, economic, or military advantage to the Russian Sandworm group thought to be behind the campaign. Cyclops Blink is widely seen as a successor to the prolific VPNFilter malware first exposed in 2018. The malware is designed to infect routers and other networked devices in order to steal data or to compromise them for further attacks on other targets. Based on their observations, the researchers strongly believe that devices from other vendors are also being targeted. They noted that the malware is modular in nature, and that it is likely that each vendor has different modules and architectures that were carefully thought out by the Cyclops Blink actors. The purpose of the botnet is still unclear: the researchers do not know whether it is intended to be used for DDoS attacks, espionage, or proxy networks. They stated that Cyclops Blink is evidently an advanced piece of malware that focuses on persistence and on the ability to survive domain sinkhole attempts and the takedown of its infrastructure.

 

Infosecurity reports: "Cyclops Blink Malware Expands to Target Asus"

Submitted by Anonymous on