"The Cyclops Blink botnet is now targeting Asus routers in a new wave of cyberattacks... Cyclops Blink, a modular botnet, is suspected of being the creation of Sandworm/Voodoo Bear, a Russian advanced persistent threat (APT) group... The botnet is vast and over 150 past and current command-and-control (C2) server addresses have been traced so far that belong to the network... The modular malware is able to read and write from a device's flash memory, enabling persistence. Trend Micro also says that these functions may allow it to'survive factory resets.'..." https://www.zdnet.com/article/cyclops-blink-botnet-launches-assault-against-asus-routers/
"Justice Department Announces Court-Authorized Disruption of [Cyclops Blink] Botnet Controlled by the Russian Federation’s Main Intelligence Directorate (GRU) The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the U.S. government has previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU). The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control (C2) of the underlying botnet. Although the operation did not involve access to the Sandworm malware on the thousands of underlying victim devices worldwide, referred to as “bots,” the disabling of the C2 mechanism severed those bots from the Sandworm C2 devices’ control..." https://www.justice.gov/opa/pr/just...sruption-botnet-controlled-russian-federation
