Russia’s most cutthroat hackers infect network devices with new botnet malware

'Hackers for one of Russia’s most elite and brazen spy agencies have infected home and small-office network devices around the world with a previously unseen malware that turns them into attack platforms that can steal confidential data and target other networks. Cyclops Blink, as the advanced malware has been dubbed, has infected about 1 percent of network firewall devices made by network device manufacturer WatchGuard, the company said on Wednesday. The malware is able to abuse a legitimate firmware update mechanism found in infected devices in a way that gives it persistence, meaning it survives reboots.

[...]

So far, the advisory stated, Sandworm has “primarily” used the malware to infect network devices from WatchGuard, but it’s likely the hackers are able to compile it to run on other platforms as well. The malware gains persistence on WatchGuard devices by abusing the legitimate process they use to receive firmware updates.'

-- source: https://arstechnica.com/information-technology/2022/02/russias-most-cut-thro...

Cheers, Peter

--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174 (office)
+64 (7) 577-5304 (home office)
https://www.cs.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/