Cyclops Blink Malware Targets WatchGuard Devices

An advanced piece of malware appears to be linked to Russian hacking groups that may be state-sponsored. The threat, dubbed the Cyclops Blink Malware, appears to have been active since 2019 and has caused considerable damage over the past few years. According to researchers' reports, the Cyclops Blink Malware might have been used to build botnets by infecting network devices such as WatchGuard Firebox appliances and Small Office/Home Office (SOHO) devices.

Allegedly, this malware family shares many similarities with another piece of malware that Russian hackers used in 2018 – VPNFilter. However, there is not enough data to determine whether the same Advanced Persistent Threat (APT) group is behind both projects.

The Cyclops Blink Malware does not merely drop a few files on the infected device. Instead, it replaces the device's entire firmware with a malicious copy that carries the payload. This ensures that any updates applied by the user will not remove the Cyclops Blink Malware. Furthermore, it allows the malware to persist easily through reboots, or even factory resets.

Devices infected with the Cyclops Blink Malware are almost fully under the control of the criminals, who are able to execute remote commands, modify settings, download files, and much more.

Attacks against Internet-connected devices can be prevented by always applying the latest firmware updates, since their purpose is to patch the security holes and exploits that the Cyclops Blink Malware could use.

February 24, 2022