Here's what you need to know
- Cyclops Blink is a botnet, and a version of its malware is targeting some ASUS routers.
- Trend Micro believes the botnet's main purpose is to create an infrastructure for further attacks on high-value targets.
- ASUS has released a checklist to help protect your equipment as well as a list of affected routers and the required firmware to avoid this malware.
A botnet called Cyclops Blink is targeting ASUS routers with malware designed to run on the routers' hardware. As reported by PC Gamer, malware for the botnet Cyclops Blink has been found targeting some ASUS routers. This follows a report from threat researchers at Trend Micro outlining the botnet and how the malware makes its way onto the affected hardware.
Trend Micro calls Cyclops Blink an advanced modular botnet, meaning it's made up of multiple parts working together. What this boils down to is that an infected router likely isn't targeting you and your data so much as it is intended to serve as part of an infrastructure for higher-priority attacks. In fact, Trend Micro believes this to be a state-sponsored attack.
Expanding on that, ZDNet has reported that the suspected creator of Cyclops Blink is Sandworm/Voodoo Bear, a Russian group that is supported by the General Staff Main Intelligence Directorate (GRU) and has been used in attacks against Ukraine and Georgia.
ASUS likely isn't the only company affected by this attack, and Trend Micro says it has data to suggest other brands of routers are being targeted as well. Trend Micro also notes a similar attack against WatchGuard firewall appliances.
Secure your ASUS router
If you have one of the following routers, you should follow ASUS' checklist to make sure you're protected against the malware. ASUS has posted these steps on its Product Security Advisory page.
- Reset the device to factory default: Log in to the web GUI (http://router.asus.com), go to Administration → Restore/Save/Upload Setting, click "Initialize all the setting and clear all the data log", and then click the Restore button.
- Update all devices to the latest firmware.
- Ensure the default admin password has been changed to a more secure one.
- Disable Remote Management (disabled by default, can only be enabled via Advanced Settings).
These steps apply to the following affected routers.
- GT-AC5300 firmware under 184.108.40.206.386.xxxx
- GT-AC2900 firmware under 220.127.116.11.386.xxxx
- RT-AC5300 firmware under 18.104.22.168.386.xxxx
- RT-AC88U firmware under 22.214.171.124.386.xxxx
- RT-AC3100 firmware under 126.96.36.199.386.xxxx
- RT-AC86U firmware under 188.8.131.52.386.xxxx
- RT-AC68U, AC68R, AC68W, AC68P firmware under 184.108.40.206.386.xxxx
- RT-AC66U_B1 firmware under 220.127.116.11.386.xxxx
- RT-AC3200 firmware under 18.104.22.168.386.xxxx
- RT-AC2900 firmware under 22.214.171.124.386.xxxx
- RT-AC1900P, RT-AC1900P firmware under 126.96.36.199.386.xxxx
Newer routers will be equipped with an automatic update feature, though it doesn't hurt to check for updates manually. This can usually be done with the router's management app or via a web browser.
These routers are, for the most part, older Wi-Fi 5 models, though many of them are still quite fast and capable. The high-end tri-band GT-AC5300, for example, is a gaming router that still has more than enough power for the majority of home users. Luckily, this router has been supported with an update, so you can keep using it with confidence once you follow ASUS' instructions.
If your router is EOL or hasn't received updates in a few years, it may be worth it to check out one of the best Wi-Fi 6 routers so you have something that's still actively supported by the company that built it. You could also do a bit more to be safer on Wi-Fi if you're not sure of your connection.
When Samuel is not writing about networking or 5G at Android Central, he spends most of his time researching computer components and obsessing over what CPU goes into the ultimate Windows 98 computer. It's the Pentium 3.