In 2018, the UK National Cyber Security Centre (NCSC) discovered a new malware called VPNFilter that attacked network devices. It discovered that Sandworm was behind it, a hacking group that they believe is linked somehow to the Russian military. Well, it seems like they’ve upgraded the framework and a new version called Cyclops Blink is going viral, so to speak.
The NCSC issued an alert two days ago with full details on the new malware. It appears as if Cyclops blink has actually been active since 2019 and they’ve only recently been able to identify it. We don’t believe it’s a coincidence that the upgrade began shortly after the NCSC exposed VPNFilter to the public and protective measures appeared.
The initial deployment of the new Sandworm malware appears to be on WatchGuard devices. However, the NCSC warns that the framework could start infecting other system architecture. There’s a complete analysis report on Cyclops Blink you can read that will give you a proper overview if cybersecurity is your forte.
The scary part is that it deploys as part of a firmware update. That means the malware will remain on your PC even if you reboot it or try to replace your operating system. In essence, it’s similar to the MoonBounce malware that infects the UEFI firmware. Cyclops Blink can break through most firewalls in this way and may even bypass your antivirus protocols.
If you do end up with this Sandworm malware on your network, it doesn’t mean you are the primary victim they’re after. It infection spreads quickly to other systems, which means your device may be an indirect consequence of the initial attack. Let’s hope Windows 11 and the new Firefox and Chrome version 100 browsers are ready for it should it spread further.
