Russia’s Sandworm Hackers Have Built a Botnet of Firewalls
Any appearance of a new tool used by Russia's notorious, disruptive Sandworm hackers will raise the eyebrows of cybersecurity professionals braced for high-impact cyberattacks. When US and UK agencies warn of one such tool spotted in the wild just as Russia prepares a potential mass-scale invasion of Ukraine, it's enough to raise alarms.
On Wednesday, both the UK National Cybersecurity Center and the US's Cybersecurity and Infrastructure Security Agency released advisories warning that they, along with the FBI and NSA, have detected a new form of network device malware being used by Sandworm, a group tied to some of the most destructive cyberattacks in history and believed to be a part of Russia's GRU military intelligence agency.
The new malware, which the agencies call Cyclops Blink, has been found in firewall devices sold by networking hardware company WatchGuard since at least June 2019. But the NCSC warns that “it is likely that Sandworm would be capable of compiling the malware for other architectures and firmware,” that it may have already infected other common network routers used in homes and businesses, and that the malware's “deployment also appears indiscriminate and widespread.”