Cyclops Blink malware launches persistent attacks on several popular ASUS routers

ASUS, a hardware device manufacturer, issued a security warning a few days ago. ASUS found that a hacker group had launched a cyber-attack on several of its popular routers. The malware used by the group is modular and can be updated at any time with new features and with attacks on new ASUS routers. Oddly, the announcement does not disclose the attack path, so it is not known whether the routers were compromised through a vulnerability or by some other means. ASUS did say that it is investigating and will continue to release software updates.
ASUS says that the affected products include the GT-AC5300, GT-AC2900, RT-AC5300, RT-AC88U, RT-AC3100, RT-AC86U, RT-AC68U, AC68R, AC68W, AC68P, RT-AC66U_B1, RT-AC3200, RT-AC2900, RT-AC1900P, RT-AC87U, RT-AC66U, and RT-AC56U router models. The last three have reached End-of-Life (EOL) status.

Here are ASUS' security recommendations:
To help owners of these routers take necessary precautions, we compiled a security checklist:
(1) Reset the device to factory default: Log in to the web GUI (http://router.asus.com), go to Administration → Restore/Save/Upload Setting, click the “Initialize all the setting and clear all the data log”, and then click the Restore button.
(2) Update all devices to the latest firmware.
(3) Ensure the default admin password has been changed to a more secure one.
(4) Disable Remote Management (disabled by default, can only be enabled via Advanced Settings).

Security firm Trend Micro first discovered the attack on ASUS routers by the Cyclops Blink malware, which is allegedly linked to Russia. Cyclops Blink has exploited numerous routers and other IoT devices, but the hackers are not aiming to mine cryptocurrency. Analysis shows that the malware used by the botnet is very complex, and the ultimate goal of the attackers behind it may be to steal information, including all kinds of confidential information.

NotPetya, which previously attacked the Ukrainian power network and in which a large amount of server data was directly copied, is also believed to have been developed by the author of Cyclops Blink. The most direct harm to users is therefore possible data leakage, including data theft and access hijacking at the router level.
Users of ASUS routers are advised to reset the router and update the firmware according to the official ASUS recommendation. Other details still need to be investigated and explained by ASUS.