We're closing in on one full month since Russia invaded Ukraine and the slow drip of related threats continues. The war is, after all, happening online as well, and the net cast by state-sponsored Russian hackers is getting wider every day. Whether it's attempting to break into systems to find classified data or worse, the cyberfront is active and there are plenty of targets. A recent report from cybersecurity software company Trend Micro about activity from the ominously named Russian botnet Cyclops Blink is just the latest example.

Trend Micro says that Cyclops Blink, which it refers to as a "state-sponsored botnet," has been around since at least 2019 and is linked to a group CISA calls Sandworm or Voodoo Bear. According to CISA, the group has been linked to a 2015 attack against Ukraine's power grid as well as disruptions in the Republic of Georgia and at the 2018 Olympics. With Cyclops Blink, Voodoo Bear appears to be going after a number of Asus routers as well as devices from WatchGuard, which makes Firebox network security hardware. But the botnet, Trend Micro writes, isn't going after "critical organizations, or those that have an evident value [in] economic, political, or military espionage."

This is not a case of "no harm, no foul," though. The report goes on to say that security researchers "believe that it is possible that the Cyclops Blink botnet’s main purpose is to build an infrastructure for further attacks on high-value targets." Basically, Cyclops Blink was made to infect routers and use those either to steal information or to springboard attacks against other targets. Asus routers with no special military or political connection might be more easily compromised due to infrequent patching and weak or nonexistent security. Hackers then use the compromised unit to set up remote access points for command and control servers. In starkest terms, the seemingly random takeovers of devices with no clear intelligence value could point to staging for a much larger attack of some kind in the future. According to Trend Micro, this also raises the spooky possibility of "eternal botnets," as in machines perennially linked — like the Borg, but flat and square.

Asus was made aware of the attacks and said in a March 17 statement on its Product Security Advisory page that the company is also looking into Cyclops Blink and taking remediation measures. It provided a security checklist router owners can follow to harden their defenses — as well as a list of all the affected units. Cyclops Blink is so insidious that Trend Micro advises anyone suspecting an infection to basically just get new routers — even a factory reset won't fix it.