Cyclops Blink

Malware updated 4 months ago (2024-05-04T19:44:20.344Z)
Cyclops Blink is modular malware that emerged in 2019 and was built to target network infrastructure; its similarities to the earlier VPNFilter campaign earned it the nickname "Son of VPNFilter". It was crafted to run on Linux systems, particularly those with a 32-bit PowerPC architecture, and was used by advanced persistent threat (APT) actors to build dedicated botnets. Those botnets consisted primarily of compromised WatchGuard and ASUS routers, marking an increase in nation-state actors' reliance on routers as platforms for launching attacks. In 2022 the malware notably targeted WatchGuard firewalls and ASUS routers and was attributed to the Russian Sandworm threat group. The Cyclops Blink botnet was backed by the Russian GRU and was disrupted by the combined efforts of the FBI and the UK National Cyber Security Centre (NCSC). Despite that disruption, the use of routers as launchpads for attacks continued, with VPNFilter, Cyclops Blink and KV-botnet signalling an ongoing problem. The impact of Cyclops Blink also extended beyond its initial targets: in May, attacks against Danish energy firms exploited a Zyxel firewall vulnerability and involved an IP address associated with the Katana Mirai botnet. This came after the disruption of the Cyclops Blink botnet used by Russian hackers, and researchers found that the IP address used in those attacks had previously belonged to Cyclops Blink, suggesting a possible connection between different threat campaigns.
Description last updated: 2024-05-01T13:16:02.580Z
Aliases: none currently tracked.

Miscellaneous Associations (other elements of context that could aid in assessing relevance): Botnet, APT, FBI
Associated Threat Actors
ID, type, votes, profile description:

[Sandworm; type: Unspecified; votes: 2] Sandworm, a Russia-linked threat actor group, has been implicated in a series of significant cyber-attacks targeting Ukraine's infrastructure. The group successfully compromised 11 Ukrainian telecommunication providers, demonstrating their extensive capabilities and the broad reach of their operatio
Source Document References
Information about the Cyclops Blink malware was read from the document corpus below. This display is limited to 20 results.
Source, created at, title:

[Trend Micro, 4 months ago] Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks
[CERT-EU, 6 months ago] DOJ Dismantles Russian Botnet Responsible for Hacking Millions of Connected Devices
[CERT-EU, 6 months ago] The 3 most common post-compromise tactics on network infrastructure
[CERT-EU, 6 months ago] Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
[CERT-EU, 8 months ago] Report: Sandworm hackers unlikely involved in Denmark cyberattacks
[CERT-EU, 8 months ago] Sandworm probably wasn't behind Danish critical infrastructure cyberattack, report says
[CERT-EU, 8 months ago] Infographic: A History of Network Device Threats and What Lies Ahead
[CERT-EU, 8 months ago] Infographic: A History of Network Device Threats and What Lies Ahead | #ransomware | #cybercrime | National Cyber Security Consulting
[CERT-EU, a year ago] AWS' MadPot Honeypot Operation Corrals Threat Actors
[CERT-EU, a year ago] AWS security exec talks secret threat intel tool MadPot
[CERT-EU, a year ago] FBI director urges private sector to work with the agency on cyber threats
[InfoSecurity-magazine, a year ago] #mWISE: FBI Director Urges Greater Private-Public Collaboration
[CERT-EU, a year ago] DOJ Launches Cyber Unit to Prosecute Nation-State Threat Actors
[CSO Online, 2 years ago] Attacks on industrial infrastructure on the rise, defenses struggle to keep up
[CERT-EU, 2 years ago] Data-wiping software
[Securityaffairs, a year ago] Microsoft sheds light on a year of Russian hybrid warfare in Ukraine
[CERT-EU, a year ago] Router
[CERT-EU, a year ago] How the US Government is Fighting Back Against Ransomware | #ransomware | #cybercrime – National Cyber Security Consulting
[CERT-EU, a year ago] To combat cybercrime, US law enforcement increasingly prioritizes disruption
[CERT-EU, a year ago] FBI disrupts sophisticated Russian cyberespionage operation