Asus warns of dangerous malware targeting many router models
Asus has issued a security advisory for some of the company’s routers. The firmware is vulnerable to the Russia-related Cyclops Blink malware, so protective measures are urgently needed, the online magazine Bleeping Computer reports. “Cyclops Blink” is malware associated with the Russian-backed hacking group Sandworm and has historically targeted WatchGuard Firebox and other SOHO network devices. The manufacturer Asus has now confirmed that its routers are also being attacked.
The malware can enable remote access to compromised networks. One problem with this is that Cyclops Blink is modular and can be quickly adapted to other systems. Asus has therefore issued a compromise warning and published a security advisory with workarounds for the increased security risk.
Cyclops Blink now targets Asus routers
Trend Micro security researchers examined the malware and found that it has a special module that targets various Asus routers. Among other things, the malware can read flash memory to collect information about important files, executable programs, data, and libraries. The malware is instructed to reside in the flash memory and remains there permanently, as this memory space is not wiped even with factory resets.
Vulnerable Asus Devices
In a security advisory released today, Asus warns that the following router models and firmware versions are vulnerable to Cyclops Blink attacks:
- GT-AC5300 firmware on 188.8.131.52.386.xxxx
- GT-AC2900 firmware on 184.108.40.206.386.xxxx
- RT-AC5300 firmware on 220.127.116.11.386.xxxx
- RT-AC88U firmware on 18.104.22.168.386.xxxx
- RT-AC3100 firmware on 22.214.171.124.386.xxxx
- RT-AC86U firmware on 126.96.36.199.386.xxxx
- RT-AC68U, AC68R, AC68W, AC68P firmware below 188.8.131.52.386.xxxx
- RT-AC66U_B1 firmware at 184.108.40.206.386.xxxx
- RT-AC3200 firmware on 220.127.116.11.386.xxxx
- RT-AC2900 firmware on 18.104.22.168.386.xxxx
- RT-AC1900P, RT-AC1900P firmware below 22.214.171.124.386.xxxx
- RT-AC87U (EOL)
- RT-AC66U (EOL)
- RT-AC56U (EOL)
At this point, Asus has not released any new firmware updates to protect against Cyclops Blink, but it has recommended the following measures to protect the devices. Asus writes:
- Factory reset the device: Log in to the web GUI, go to Administration → Reset/Save/Upload Settings, click “Initialize All Settings and Clear All Data Logs” and then click the Restore button.
- Update to the latest available firmware.
- Make sure the default administrator password has been changed to a more secure one.
- Disable remote management (disabled by default, can only be enabled through advanced settings).
- If you are using any of the three models marked EOL (End of Life), please note that they are no longer supported and therefore will not receive a firmware security update. In this case, you are advised to replace your device with a new one.