CISA Warns of New Malware Framework Used by Russian Sandworm Hacking Team

Published: 23/11/2024   Category: security

Russian General Staff Main Intelligence Directorate (GRU) hacking team appears to have swapped its VPNFilter malware platform for the so-called Cyclops Blink malware framework.



The infamous Sandworm, aka Voodoo Bear, hacking team tied to the Russian General Staff Main Intelligence Directorate's (GRU's) Main Centre for Special Technologies (GTsST) has changed up its malware infrastructure, according to an advisory issued today by the UK National Cyber Security Centre (NCSC), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the FBI.

Sandworm has a vast resume of destructive attacks: the BlackEnergy attack on Ukraine's power systems in 2015, the Industroyer attack against Ukraine in 2016, the NotPetya destructive data-wiping attacks in 2017, distributed denial-of-service attacks against the nation of Georgia in 2019, and disruptive attacks against the Winter Olympics and Paralympics in 2018.

The so-called Cyclops Blink modular malware framework has been in use by Sandworm since at least June 2019, according to the agencies. Cyclops Blink is typically injected via a malicious firmware update once the victim's network has been infiltrated. The malware replaces the group's VPNFilter infrastructure, which was disrupted by the Justice Department in May 2018.

"The actor has so far primarily deployed Cyclops Blink to WatchGuard devices, but it is likely that Sandworm would be capable of compiling the malware for other architectures and firmware," the advisory says, noting that only WatchGuard devices that were reset to open remote-management interfaces can be infected with the malware.

The full report, prepared by the NCSC, provides details on the Cyclops Blink malware and indicators of compromise.
