Russian Cyclops Blink botnet launches assault against Asus routers
Cybersecurity professionals have detected a campaign involving Cyclops Blink, a modular botnet. The botnet is suspected of being created by the Russian advanced persistent threat actor Voodoo Bear/Sandworm. The UK National Cyber Security Centre (NCSC) released a warning about the botnet alongside the Federal Bureau of Investigation and the National Security Agency. The APT is allegedly supported by the Russian General Staff Main Intelligence Directorate (GRU). In addition, Voodoo Bear has been linked to the use of BlackEnergy malware against Ukraine’s electricity grid and to cyberattacks against Georgia.
Cybersecurity researchers at Trend Micro released a statement this week declaring that the malware is state-sponsored and does not appear to be in active use against targets that would be protecting Russia’s state interests. The botnet is widespread, with over 150 past and current command-and-control server addresses linked to the malicious tool. Trend Micro suspects that the mass of servers could be used to build an infrastructure for further and more damaging attacks.