Today, the U.S. Department of Justice (DOJ) announced further actions to disrupt Cyclops Blink, a sophisticated state-sponsored botnet that affected network devices from multiple vendors, including a limited number (less than 1%) of WatchGuard firewall appliances.
On February 23rd, WatchGuard released a 4-Step Cyclops Blink Diagnosis and Remediation Plan, which allowed WatchGuard customers to detect—and if necessary—eliminate the threat of the Cyclops Blink botnet from their appliances. The actions announced by the DOJ today further mitigate the risk posed by Cyclops Blink by disrupting its command-and-control infrastructure, which prevents the botnet from being mobilized. WatchGuard was commended for playing an important role in helping to eliminate the threat of Cyclops Blink through the rapid release of its detection and remediation tools to protect our customers and partners, and our cooperation with government agencies in their disruption of the botnet.
WatchGuard appreciates the swift response of its partner and customer community. Rapid implementation of the 4-Step Cyclops Blink Diagnosis and Remediation Plan has resulted in unprecedented adoption rates for our latest Fireware OS firmware, which provides ongoing protection for all customers; the removal of the threat from impacted appliances; and widespread customer awareness of the need to avoid unrestricted port management policies in line with industry best security practices.
WatchGuard strongly recommends that any customers that have not yet completed WatchGuard’s 4-Step Cyclops Blink Diagnosis and Remediation Plan immediately visit detection.watchguard.com and follow the steps outlined; namely, to diagnose, remediate, prevent, and investigate. Once all the steps provided by WatchGuard are applied in full, WatchGuard devices are no longer vulnerable to infection by Cyclops Blink.
As always, WatchGuard Support is available 24/7 to support customers and partners in the implementation of these fixes.
- WatchGuard’s 4-Step Cyclops Blink Diagnosis and Remediation Plan
- Cyclops Blink Frequently Asked Questions (FAQ)
- WatchGuard Blog Post Announcing Cyclops Blink Detection & Remediation Tools, February 23, 2022
- Security Best Practices Provided By FBI, CISA, NSA, and UK NCSC (see Further Guidance section)