Russia Seki, malware "Cyclops Blink", which seems to be the successor to "VPNFILTER" --A image of the United States and Britain
A hacker, which is likely to be connected to the Russian army, is trying to abuse firewall security vulnerabilities, invade the network, infect malware, and make it possible to access it remotely. The British Cyber Security Center (NCSC), the US Cyber Security Infrastructure Security Agency (CISA), the US National Security Agency (NSA), and the US Federal Bureau (FBI) explain this new malware Cyclops Blink. And warn. It is said that the Hacker Group "SandWorm", which is said to have a relationship with the Russian Chief of Staff Information (GRU), may be involved. According to NCSC analysis, Cyclops Blink appears to be "developed by professionals" and is "very advanced malware." Cyclops Blink is likely to be an alternative to "VPNFILTER". A hacker group, which has a relationship with the Russian government, has used this malware with a wide range of attacks that have entered network devices such as routers and accessed the network. According to NCSC, CISA, FBI and NSA, Cyclops Blink has been used at least since June 2019. Like VPNFILTER, it seems to have been introduced in "indiscriminate, wide area". You can upload and download files from infected machines. A module type can add new features to the already running malware. So far, this cyber attack has mainly affected WatchGuard firewall devices. Sandworm has been warned that the malware could be recreated for other architectures and firmware. Cyclops Blink continues to restart through the regular firmware update process. The default settings at the time of shipment may infect a WatchGuard device that has been changed to open a remote management interface for external access. Infected organizations are not necessarily major targets, but infected machines may be used to perform another attack. NCSC urged affected organizations to take measures to remove Cyclops Blink. WatchGuard explains in detail about Cyclops Blink. WatchGuard is "FBI, CISA, the US Department of Justice, and the UK NCSC, and WatchGuard is investigating the advanced botnet Cyclops Blink supported by the state and developing a easing measure. Cyclops Blink. It may have affected a limited number of WatchGuard's firewall appliance. " WatchGuard customers and partners can quickly execute WatchGuard's "4 -step CYCLOPS BLINK Diagnosis and Palliative Plan" to eliminate the possibility of being threatened by botnet malicious activities (WatchGuard. " NCSC warns that all the passwords left on the identified device that have been infected with the Cyclops Blink are dangerous and should be changed. He also states that the management interface of the network device has not been disclosed on the Internet. NCSC recommends to keep the device and network up to the latest state with the latest security patches and use multi -factor authentications as a easing measure that can be used to protect from malware. NCSC also states that the advisory is not directly related to Ukraine's current situation. This article edited by Asahi Interactive for an article from overseas RED VENTURES for Japan.
最終更新:ZDNet Japan
