Your Asus router may require an urgent update to protect against sticky botnet

Asus ROG router pictured from the top downon a black background
(Image credit: Asus ROG)

Asus has issued a warning to owners of some of its routers asking them to download a recent firmware update to help protect against new malware targeting its products. Asus recommends measures be taken immediately to prevent your network being infected with the botnet malware, known as Cyclops Blink, though is investigating a more permanent fix.

In a security bulletin on the Asus website, the company outlines the best way for users to strengthen their defences against Cyclops Blink. These include: resetting the device to factory default settings, updating the device to the latest firmware version, changing the admin password, and disabling Remote Management (should be disabled by default).

The affected Asus products are: 

  • GT-AC5300 firmware under 3.0.0.4.386.xxxx
  • GT-AC2900 firmware under 3.0.0.4.386.xxxx
  • RT-AC5300 firmware under 3.0.0.4.386.xxxx
  • RT-AC88U firmware under 3.0.0.4.386.xxxx
  • RT-AC3100 firmware under 3.0.0.4.386.xxxx
  • RT-AC86U firmware under 3.0.0.4.386.xxxx
  • RT-AC68U, AC68R, AC68W, AC68P firmware under 3.0.0.4.386.xxxx
  • RT-AC66U_B1 firmware under 3.0.0.4.386.xxxx
  • RT-AC3200 firmware under 3.0.0.4.386.xxxx
  • RT-AC2900 firmware under 3.0.0.4.386.xxxx
  • RT-AC1900P, RT-AC1900P firmware under 3.0.0.4.386.xxxx
  • RT-AC87U (EOL)
  • RT-AC66U (EOL)
  • RT-AC56U (EOL)

The products noted as GT are seriously beefy gaming routers, and some of the RT ones are pretty chunky routers, too.

Cyclops Blink is a persistent advanced modular botnet that is tough to shake off once it has a hold on your system. Trend Micro has performed a deep-dive into the malware and exactly how it operates, which I recommend you give a read if you're into this sort of stuff—it is fascinating to know thy enemy. Essentially, though, it sets up a route of communication between an infected device and the attacker's servers, and is able to cipher and send data to these servers as it pleases.

In the case of the exact Asus variant of these malware, it can actually access a device's flash memory. That means it will have pretty much unfettered access to a machine once infected. It also means that the malware can actually survive factory resets. Though as Asus notes, flashing a device should finally be rid of the malware, but how often do most users flash their entire routers?

The malware itself is modular in nature, so it's assumed that it could be modified by its creators to run on other brands of routers relatively easily.

The botnet is reportedly linked to the Sandstorm or Voodoo Bear advanced persistent threat (APT) groups, says Trend Micro. Those groups have quite a track history: The Sandworm APT group has been linked to the VPNFilter botnet and attacks on the Ukrainian electrical grid, French presidential campaign, and the Winter Olympic games.

Sitting comfortably?

(Image credit: Secretlab)

Best chair for gaming: the top gaming chairs around
Best gaming desk: the ultimate PC podiums
Best PC controller: sit back, relax, and get your game on

The FBI, CISA, US Department of Justice, and UK National Cyber Security Centre all jointly warned about the threat of Cyclops Blink last month.

"The malicious cyber actor known as Sandworm or Voodoo Bear is using new malware, referred to as Cyclops Blink," the joint statement reads (via The Register). Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office routers and network-attached storage devices."

This sounds like a malware you don't want to meddle with. As ever, updating your PC's drivers to the latest is the best form of defence in most cases—short of disconnecting your whole PC from the internet, of course. However, I do believe there are sure to be many routers that haven't seen a patch in their life, and that's why it's really important that users with those affected devices heed this call.

Jacob Ridley
Senior Hardware Editor

Jacob earned his first byline writing for his own tech blog. From there, he graduated to professionally breaking things as hardware writer at PCGamesN, and would go on to run the team as hardware editor. Since then he's joined PC Gamer's top staff as senior hardware editor, where he spends his days reporting on the latest developments in the technology and gaming industries and testing the newest PC components.