Ukraine is the target of a new Cyclops Blink malware attack

Russia began its invasion of Ukraine on Thursday morning, and, as expected, the physical attacks were preceded and followed by cyber-attacks. 

According to a joint security advisory issued Thursday morning by US and UK cybersecurity agencies, a new malware known as Cyclops Blink has emerged to replace the VPNFilter malware associated with the Sandworm group, which has long been suspected of being a Russian state-sponsored group.

Cyclops Blink replaced VPNFilter:

A warning is issued by the US and UK governments that the Russian state-sponsored Sandworm is using this new malware targeting network devices, a substitute for the framework of the VPNFilter malware unveiled in 2018.

In June 2019, Cyclops Blink was discovered in WatchGuard firewall devices. However, the NCSC warns that Sandworm is likely to develop the same or very similar malware for different topologies and platforms.

According to the analysis, the Cyclops Blink malware has modules for uploading and downloading files to and from its command and control server, collecting and exfiltrating device information, and updating the malware. Although the presence of a Cyclops Blink infection does not necessarily signify that an organization is a primary target, it may be used to launch cyberattacks against others.