Hackers Use New Malware To Target Firewall Appliances

Top security agencies have warned of a new malware that Russian military hackers use to exploit firewalls, compromise networks and infect with malware.

According to the NCSC, CISA, FBI, and NSA, the malware known as “Cyclops Blink” is linked to Sandworm, an offensive hacking operation previously linked to Russia’s GRU.

Cyclops Blink has special capabilities, including the ability to gain persistent remote access to networks, upload and download files from infected machines, and the ability to add new features to malware that have already been executed.

Further clarification shows that Cyclops Blink persists at reboot and during the legitimate firmware update process.

It essentially targets WatchGuard devices that are reconfigured from the manufacturer’s default settings. This is used to open remote management interfaces to external access.

The NCSC recommended that organizations with devices infected with Cyclops Blink change their passwords. Other advice includes avoiding the exposure of management interfaces of network devices to the Internet and updating the devices.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web