CISA Cybersecurity Alerts 2.23.22
Ep 4 | 2.23.22

CISA Alert AA22-054A – New Sandworm malware “Cyclops Blink” replaces VPNFilter.

Show Notes

CISA, the UK’s National Cyber Security Centre (NCSC), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have identified that the actor known as Sandworm or Voodoo Bear is using a new malware, Cyclops Blink. CISA, the NCSC, and the FBI have previously attributed the Sandworm actor to the Russian General Staff Main Intelligence Directorate’s Russian (GRU’s) Main Centre for Special Technologies.

AA22-054A Alert, Technical Details, and Mitigations

Cyclops Blink Malware Analysis Report

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or