New Bot net Linked to Russian group Sandworm attacking ASUS and WatchGuard Devices

 Researchers discovered that
Cyclops Blink, a botnet linked to Russian advanced
persistent threat group Sandworm, is actively targeting
routers and
WatchGuardfirewall appliances. The malware is modular – meaning it can easily be
updated to target new devices – and features a specialized module that may
allow the malware to read flash memory in order to gather information about
critical files, executables, data, and libraries. The malware then receives a
command to nest in the flash memory and establish persistence, as this storage
space can survive factory resets. Due to the number of indiscriminate targets,
analysts assess that the group’s intent behind this iteration of distribution
is to build and maintain a botnet infrastructure for future attacks on
high-value targets.