WatchGuard Support Alert
Detection and Remediation for Cyclops Blink State-Sponsored Botnet
This is a critical security alert for WatchGuard partners that requires immediate action for your customers under management with WatchGuard firewalls.
Working closely with the FBI, CISA, DOJ, and NCSC1, WatchGuard has investigated and developed a remediation for Cyclops Blink, a sophisticated state-sponsored botnet, that may have affected a limited number of WatchGuard firewall appliances. WatchGuard partners can eliminate the potential threat posed by malicious activity from the botnet by immediately enacting WatchGuard’s 4-Step Cyclops Blink Diagnosis and Remediation Plan. It is critical that all appliances, whether infected or not, upgrade to the latest version of Fireware OS.
Remediation steps are only necessary if you have an infected appliance; however, the future protection steps and upgrades are applicable to all.
Visit detection.watchguard.com to review and enact the 4-Step Cyclops Blink Diagnosis and Remediation Plan now.
Our corporate blog post includes additional information about the botnet, and our KB article details the detection, remediation, and prevention steps for all Firebox models. As always, our Support Team is available to help answer any questions.
Your WatchGuard Team