03-19-2022 , 02:40 PM
Quote:Multiple ASUS router models are vulnerable to the Russia-linked Cyclops Blink malware threat, causing the vendor to publish an advisory with mitigations for the security risk.
Cyclops Blink is a malware linked to the Russian-backed Sandworm hacking group that has historically targeted WatchGuard Firebox and other SOHO network devices.
The role of Cyclops Blink is to establish persistence for threat actors on the device, allowing them a point of remote access to compromised networks.
Because Cyclops Blink is modular, it can be easily updated to target new devices, constantly refreshing its scope and tapping into new pools of exploitable hardware.
Cyclops Blink now targets ASUS routers
In a coordinated disclosure, Trend Micro warned that the malware features a specialized module that targets several ASUS routers, allowing the malware to read the flash memory to gather information about critical files, executables, data, and libraries.
The malware then receives a command to nest in the flash memory and establish permanent persistence, as this storage space doesn't get wiped even by factory resets.
For more details on the ASUS module of Cyclops Blink, Trend Micro has published a technical writeup today explaining how it works.
Continue reading HERE