Thursday, March 24, 2022

New Botnet Linked to Russian group Sandworm attacking ASUS and WatchGuard Devices

Researchers discovered that Cyclops Blink, a botnet linked to Russian advanced persistent threat group Sandworm, is actively targeting ASUS routers and WatchGuard firewall appliances. The malware is modular – meaning it can easily be updated to target new devices – and features a specialized module that may allow the malware to read flash memory in order to gather information about critical files, executables, data, and libraries. The malware then receives a command to nest in the flash memory and establish persistence, as this storage space can survive factory resets. Due to the number of indiscriminate targets, analysts assess that the group’s intent behind this iteration of distribution is to build and maintain a botnet infrastructure for future attacks on high-value targets.