Trend Micro researchers reported discovering an botnet linked to a Russian state-sponsored advanced persistent threat (APT) group has spread to Asus routers, in addition to WatchGuard devices.

In a March 17 post, the researchers said the Cyclops Blink advanced modular botnet is linked to the state-sponsored APT group known as Sandworm or Voodoo Bear. The researchers said they believed the main purpose of the 150-plus command-and-control servers and bots under Cyclops Blink, which has been around since at least 2019, is to build infrastructure to attack high-value targets.

According to the Trend Micro researchers, the Sandworm APT has an impressive list of of attacks attributed to the group, including attacking the Ukrainian electrical grid in 2015 and 2016, as well as the 2017 NotPetya attack and the 201 7 French presidential campaign, among others.

The group also created the VPNFilter internet of things (IoT) botnet, first discovered targeting routers and storage devices in 2018.