New Findings Challenge Attribution in Denmark's Energy Sector Cyberattacks

The cyber attacks targeting the energy sector in Denmark last year may not have had the involvement of the Russia-linked Sandworm hacking group, new findings from Forescout show. The intrusions, which targeted around 22 Danish energy organizations in May 2023, occurred in two distinct waves, one...

Sandworm Team using a new modular malware Cyclops Blink

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The National Cyber Security Centre NCSC in the United Kingdom, the Cybersecurity and Infrastructure Security Agency CISA, the National Security Agency NSA, and the Federal Bureau of Investigation FBI have discovered that the...

FBI Shut Down Russia-linked "Cyclops Blink" Botnet That Infected Thousands of Devices

The U.S. Department of Justice DoJ announced that it neutralized Cyclops Blink, a modular botnet controlled by a threat actor known as Sandworm, which has been attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation GRU. "The operation...

Sandworm APT Hunts for ASUS Routers with Cyclops Blink Botnet

The modular botnet known as Cyclops Blink, linked to the same advanced persistent threat APT behind the NotPetya wiper attacks, is expanding its device targeting to include ASUS routers. Further, it’s likely that the botnet’s purpose is far more sinister than the average Mirai-knockoff’s penchant...

New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers

ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks. According to a new report published by Trend Micro, the botnet's...

Cyclops Blink Sets Sights on Asus Routers

This report discusses the technical capabilities of this Cyclops Blink malware variant that targets ASUS routers and includes a list of more than 150 current and historical command-and-control C&C servers of the Cyclops Blink botnet...

Cyclops Blink malware: US and UK authorities issue alert

According to a joint security advisory published yesterday by US and UK cybersecurity and law enforcement agencies, a new malware called Cyclops Blink has surfaced to replace the VPNFilter malware attributed to the Sandworm group, which has always been seen as a Russian state-sponsored group...

U.S., U.K. Agencies Warn of New Russian Botnet Built from Hacked Firewall Devices

Intelligence agencies in the U.K. and the U.S. disclosed details of a new botnet malware called Cyclops Blink that's been attributed to the Russian-backed Sandworm hacking group and deployed in attacks dating back to 2019. "Cyclops Blink appears to be a replacement framework for the VPNFilter...

Russia’s Sandworm Hackers Have Built a Botnet of Firewalls

Western intelligence services are raising alarms about Cyclops Blink, the latest tool at the notorious group’s disposal...

New Sandworm Malware Cyclops Blink Replaces VPNFilter

Summary The Sandworm actor, which the United Kingdom and the United States have previously attributed to the Russian GRU, has replaced the exposed VPNFilter malware with a new more advanced framework. The United Kingdom's UK National Cyber Security Centre NCSC, the Cybersecurity and Infrastructur...

New Sandworm Malware Cyclops Blink Replaces VPNFilter

The United Kingdom’s National Cyber Security Centre, CISA, the National Security Agency, and the Federal Bureau of Investigation have released a joint Cybersecurity Advisory CSA reporting that the malicious cyber actor known as Sandworm or Voodoo Bear is using new malware, referred to as Cyclops...