
Russian-linked botnet targeting Asus routers, other devices

The Cyclops Blink botnet was discovered targeting Asus routers, according to Trend Micro researchers. (“DSC01724” by intdev is marked with CC BY-ND 2.0.)

Trend Micro researchers reported that a botnet linked to a Russian state-sponsored advanced persistent threat (APT) group has spread to Asus routers, in addition to WatchGuard devices.

In a March 17 post, the researchers said the Cyclops Blink advanced modular botnet is linked to the state-sponsored APT group known as Sandworm or Voodoo Bear. The researchers said they believed the main purpose of the 150-plus command-and-control servers and bots under Cyclops Blink, which has been around since at least 2019, is to build infrastructure to attack high-value targets.

According to the Trend Micro researchers, the Sandworm APT has an impressive list of attacks attributed to the group, including attacking the Ukrainian electrical grid in 2015 and 2016, as well as the 2017 NotPetya attack and the 2017 French presidential campaign, among others.

The group also created the VPNFilter internet of things (IoT) botnet, first discovered targeting routers and storage devices in 2018.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.
