ASUS, a Taiwanese electronics company, has warned users about Cyclops Blink botnet attacks on its routers.
Cyclops Blink was first disclosed last month, when government agencies in the United States and the United Kingdom warned that the threat has been operational since at least 2019 and has been used in indiscriminate attacks since then.
The malware is believed to be the work of the Sandworm threat group, which is also known as APT28, Fancy Bear, Sednit, Sofacy, and Voodoo Bear and is thought to be a Russian intelligence unit.
Cyclops Blink is a modular system that allows operators to enhance its capabilities while it is running. It is often deployed after an initial compromise.
The threat was recently discovered targeting ASUS routers, with the company claiming that about 18 device models are targeted in attacks. The attackers appear to have reverse-engineered the WatchGuard Firebox firmware upgrade for exploitation.
The attacks against ASUS devices are presently focused on building infrastructure, according to Trend Micro, which emphasises that the state-sponsored botnet does not target important enterprises or those with economic or espionage significance.
“ASUS is investigating and working on a Cyclops Blink remedy and will continue to issue software updates,” the Taiwanese computer company said in a statement.
According to ASUS, users should restore their devices to factory settings, then install the latest firmware upgrades, change the default administrator passwords, and make sure the remote management capability is disabled (which is the default).
For users who are unable to install the newest firmware versions available for their devices, the company recommends disabling remote access via WAN and returning the router to default settings.
The affected models are the GT-AC5300, GT-AC2900, RT-AC5300, RT-AC88U, RT-AC3100, RT-AC86U, RT-AC68U, AC68R, AC68W, AC68P, RT-AC66U B1, RT-AC3200, RT-AC2900, RT-AC1900P, RT-AC1900P, RT-AC1900P, RT-AC1900. The latter three have been designated as End-of-Life (EOL).
Devices that are running the most recent firmware versions should be safe from potential hacking attempts.