Cyclops Blink

Description

(CISA) The NCSC, CISA, the FBI, and NSA, along with industry partners, have now identified a large-scale modular malware framework (T1129) which is targeting network devices. The new malware is referred to here as Cyclops Blink and has been deployed since at least June 2019, fourteen months after VPNFilter was disrupted. In common with VPNFilter, Cyclops Blink deployment also appears indiscriminate and widespread.

The actor has so far primarily deployed Cyclops Blink to WatchGuard devices, but it is likely that Sandworm would be capable of compiling the malware for other architectures and firmware.

Names

Name
Cyclops Blink
CyclopsBlink

Type

Reconnaissance
Backdoor
Downloader
Info stealer
Exfiltration
Botnet

Information

https://www.cisa.gov/uscert/ncas/alerts/aa22-054a
https://www.watchguard.com/wgrd-news/blog/important-detection-and-remediation-actions-cyclops-blink-state-sponsored-botnet
http://blog.talosintelligence.com/2022/02/threat-advisory-cyclops-blink.html
https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers—.html

Mitre Attack

https://attack.mitre.org/software/S0687/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/elf.cyclops_blink

Other Information

Uuid

c097a8f7-313e-4d79-94b1-1f09d3013be7

Last Card Change

2022-12-30

Threat Intelligence Garden

Explorer

Cyclops Blink

Cyclops Blink

Description

Names

Category

Type

Information

Mitre Attack

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks