CISA & England’s GOVT security agencies have issued a special alert for “Cyclops Blink” that can interact with VPN software to intercept.  The Sandworm group of attackers has written very advanced malware agents & security professionals should track further developments.

New Sandworm Malware Cyclops Blink Replaces VPNFilter | CISA

The United Kingdom’s National Cyber Security Centre, CISA, the National Security Agency, and the Federal Bureau of Investigation have released a joint Cybersecurity Advisory (CSA) reporting that the malicious cyber actor known as Sandworm or Voodoo Bear is using new malware, referred to as Cyclops Blink. Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office routers and network-attached storage devices.  CISA encourages users and administrators to review joint CSA: New Sandworm Malware Cyclops Blink Replaces VPNFilter for additional technical details and mitigations.

The malicious cyber activity below has previously been attributed to Sandworm: