Don’t get kidnapped by Voodoo Bear
Image by Darwin Laganjon from Pixabay
We are closing in on a full month since Russia invaded Ukraine and the slowing of the associated threats continues. After all, the war is happening online too, and the net cast by state-sponsored Russian hackers is getting wider every day. Whether it’s trying to break into systems to find classified data or worse, the cyber front is active and has a lot of targets. A recent report from cybersecurity software company Trend Micro about the activity of the recently named Russian botnet Cyclops Blink is just the latest example.
Trend Micro says Cyclops Blink, which it refers to as a “state-sponsored botnet,” has been around since at least 2019 and is associated with a group CISA calls Sandworm or Voodoo Bear. According to CISA, the group has been linked to a 2015 attack against Ukraine’s power grid as well as disruptions to the Republic of Georgia and the 2018 Olympics. With Cyclops Blink, Voodoo Bear is going after several Asus routers, as well as devices from WatchGuard, which makes Firebox network security hardware. But the botnet, Trend Micro writes, isn’t going after “significant organizations, or those that have clear value [in] economic, political or military espionage.”
It’s not a case of “no harm, no foul” though. The report states that security researchers believe that “it is possible that the main purpose of the Cyclops Blink botnet is to build an infrastructure for further attacks on high-value targets.” Originally, Cyclops Blink was created to infect routers and either use them to steal information or as a springboard for attacks against other targets. Asus routers with no specific military or political connections may get less patching and have lower-grade security, and so be more easily compromised. The hackers then use the compromised unit to set up a remote access point for a command and control server. Strictly speaking, the random acquisition of equipment with no apparent intelligence value could point to staging for some sort of much larger attack in the future. According to Trend Micro, it also raises the scary prospect of “eternal botnets,” as in machines perennially tied to the botnet, like the Borg, but flat and square.
Asus was made aware of the attacks and said in a statement on its product security advisory page on March 17 that the company is also looking into Cyclops Blink and is taking remedial measures. It provides a security checklist router owners can follow to toughen up their defenses, as well as a list of all affected units. Cyclops Blink is so insidious that Trend Micro recommends that anyone suspecting an infection basically just get a new router, since even a factory reset won’t fix it.
About the Author
Steve Huff (79 articles published)
Steve is the Weekend News Editor for Android Police. He was previously deputy digital editor of Maxim magazine and has written for Inside Hook, Observer and New York Mag. He is the author of two official tie-in books for AMC’s hit “Breaking Bad” prequel, “Better Call Saul”.