IT and Business Insights for SMB Solution Providers

New Bot net Linked to Russian group Sandworm attacking ASUS and WatchGuard Devices

 Researchers discovered that Cyclops Blink, a botnet linked to Russian advanced persistent threat group Sandworm, is actively targeting ASUSrouters and WatchGuardfirewall appliances. The malware is modular – meaning it can easily be updated to target new devices – and features a specialized module that may allow the malware to read flash memory in order to gather information about critical files, executables, data, and libraries. The malware then receives a command to nest in the flash memory and establish persistence, as this storage space can survive factory resets. Due to the number of indiscriminate targets, analysts assess that the group’s intent behind this iteration of distribution is to build and maintain a botnet infrastructure for future attacks on high-value targets.

About the Author

ChannelPro SMB Magazine

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.