CYCLOPS BLINK MALWARE INVADES WATCHGUARD PROTECTED SMEs

Urgent Action Required

February 23, 2022 – The CSIA, National Security Agency, and FBI released a Joint Cyber Security Announcement today indicating that Cyclops Blink has been deployed to WatchGuard protected devices.  This particularly insidious malware is thought to emanate from Sandworm, also known as Voodoo Bear, and said to originate from the Russian Main Center for Special Technologies.

Your organization may not be the target but a means to carry out Sandworm’s mission. Cyclops Blink’s modular framework primarily infiltrates smaller network connected devices, beaconing information to infected firmware, and clustering those devices to potentially carry out large-scale attacks against Sandworm’s actual targets. Cyclops Blink uses this extended network’s coordinated list of Command & Control (C2) addresses to communicate.  To date, all known Cyclops Blink exposed C2 IP addresses are associated with WatchGuard firewall protected devices.

WatchGuard, a leader in cutting-edge SME cyber security technology for 25+ years, is working closely with all federal agencies to mitigate damage done to Cyclops Blink infected networks.  Because Cyclops Blink operates under Transport Layer Security using individually generated keys and certificates, the malware persists through reboot and legitimate firmware updates.  WatchGuard has configured tools for detection and removal of Cyclops Blink from infected devices.

Defend your organization’s network against Cyclops Blink today.  JSCM Group has carefully analyzed WatchGuard’s procedures and stands ready to assist with implementation of these measures--overseeing password protection, ensuring secure interface of your network connected devices, and most importantly, minimizing damage to both your clients and organization.  Contact JSCM Group immediately at JSCMGroup.com or 888.897.9680.

For more information regarding Cyber Blink, check out :
US UK Link New Cyclops Blink Malware to Russian Hackers
US UK Expose New Russian Malware Targeting Network Devices
Important Detection and Remediation Actions For Cyclops Blink State-Sponsored Botnet


(888) 897-9680

Charlotte, NC - HQ • Columbia, SC • Raleigh, NC • Kansas City, MO • Philadelphia, PA • Tampa, FL