We are now in 2022 and, as was easy to predict, the ongoing war is not being fought only with "traditional" weapons. According to Trend Micro, a computer security company, the Cyclops Blink malware discovered in some network infrastructures in recent days seems to come from Russia. The group of hackers behind it, which is thought to operate in circles particularly close to the Kremlin, could be the same one already found guilty of the attack on Ukraine's electricity grid in 2015, and which was also present at the 2018 Olympics in Pyeongchang; it would operate under the name Sandworm / Voodoo Bear.

The main targets of this "state sponsored" botnet seem to be, for some particular reason, ASUS routers, but attacks have also been reported against devices produced by WatchGuard. Trend Micro also talks about a third brand, which is not openly named because the researchers could not find traces of the malware inside that brand's devices.

Although, at least for the moment, no reference has been made to strategic attacks localized in Ukrainian companies and infrastructure, it cannot be excluded, at least according to Trend Micro itself, that the main purpose of this malware may be, in the not too distant future, to create an infrastructure for hitting high-profile targets (government officials, if not the entire Ukrainian state network).
Obviously ASUS has already run for cover, issuing a press release (as soon as it learned of the problem) in which it claims to be working to protect its users from all the risks involved. It seems, however, that the trouble this botnet can cause is not to be taken lightly: according to the analysis carried out by the cybersecurity company that discovered it, the malware would be able to settle in the router's raw flash memory in order to survive even a reset, since that memory is permanent.