
It was around May 2018 that Cisco Talos released a report about the VPNFilter malware. That malware targeted devices from several known vendors, compromising routers and network storage devices through backdoor accounts. Recently, the U.S. and U.K. cybersecurity agencies disclosed that Sandworm (also known as Voodoo Bear), a threat actor, is using a new malware called Cyclops Blink.

This malicious cyber actor was allegedly responsible for the following cyber activities:

  • BlackEnergy disruption of Ukrainian electricity in 2015
  • Industroyer in 2016
  • NotPetya in 2017
  • Winter Olympics and Paralympics attacks in 2018
  • Disruptive attacks against Georgia in 2019

It appears that this destructive malware, Cyclops Blink, is a replacement framework for VPNFilter. According to the National Cyber Security Centre (NCSC) and Cybersecurity and Infrastructure Security Agency (CISA) advisory, this new malware is a large-scale modular malware framework that affects WatchGuard network devices. The NCSC also emphasized that even if your organization is not the main target, your devices can still be used to attack the real targets.

Affected organizations and device owners should follow the WatchGuard diagnosis and remediation steps to remove the malware. If your device is infected with Cyclops Blink, you should also take the following steps:

  • Replace your old passwords
  • Do not expose the management interface of your network devices to the internet
