CISA Warns of New Malware Framework Used by Russian Sandworm Hacking Team

  /     /     /  
Publicated : 23/11/2024   Category : security

CISA Warns of New Malware Framework Used by Russian Sandworm Hacking Team


Russian General Staff Main Intelligence Directorate (GRU) hacking team appears to have swapped its VPNFilter malware platform for the so-called Cyclops Blink malware framework.


The infamous Sandworm, aka Voodoo Bear, hacking team tied to the Russian General Staff Main Intelligence Directorate’s Russian (GRU’s) Main Centre for Special Technologies (GTsST) has changed up its malware infrastructure, according to an advisory issued today from the UK National Cyber Security Centre (NCSC), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the FBI. 
Sandworm
has a vast resume of destructive attacks: the
BlackEnergy
attack on Ukraines power systems in 2015, the
Industroyer
attack against Ukraine in 2016, the
NotPetya
destructive data-wiping attacks in 2017, distribution denial-of-service attacks against the nation of Georgia in 2019, and disruptive attacks against the
Winter Olympics and Paralympics in 2018
.
The so-called Cyclops Blink modular malware framework has been in action by Sandworm since at least June 2019, according to the agencies. Cyclops Blink is typically injected via a malicious firmware update once the victims network has been infiltrated. The malware replaces the groups VPNFilter infrastructure, which was
disrupted by the Justice Department
in May 2018. 
The actor has so far primarily deployed Cyclops Blink to WatchGuard devices, but it is likely that Sandworm would be capable of compiling the malware for other architectures and firmware, the advisory says, noting that only Watchguard devices that were reset to open remote-management interfaces can be infected with the malware.
The
full report
, prepared by the NCSC, provides details on the Cyclops Blink malware and indicators of compromise.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
CISA Warns of New Malware Framework Used by Russian Sandworm Hacking Team