Last Thursday the inevitable happened: Russia invaded Ukraine, followed by a series of airstrikes that paralyzed the country’s infrastructure. But this was much more than a military invasion. According to a source, the attack was years in the making. For years Ukraine has been a victim of Russian cybercrime, the most notable being the NotPetya malware in 2017, which cost the global economy $10 billion. In the build-up to the current war, Russian military planners and hackers were setting the scene through disinformation, false flags, DDoS attacks and wiper malware. On Wednesday, Ukrainian government websites, parliament and banks were hit again by DDoS, this time by the destructive Cyclops Blink virus.


A report, jointly released by the National Cyber Security Centre (NCSC) in the UK and the Cybersecurity and Infrastructure Security Agency (CISA) in the United States, confirms that a Russian state-operated hacking group, Sandworm, has developed Cyclops Blink, a form of malware that targets WatchGuard firewalls. John Hultquist, a senior executive at the American threat intelligence and cybersecurity company, Mandiant, said of the virus and its creator:

“In light of the crisis in Ukraine we are very concerned about this actor, who has surpassed all others we track in terms of the aggressive cyber-attacks and information operations they have conducted. No other Russian actor has been so brazen and successful in disrupting critical infrastructure in Ukraine and elsewhere.”

CISA and the NCSC believe that Cyclops Blink is a successor to VPNFilter, a tool developed by Sandworm that infected 500,000 routers in 2018, forming a global botnet. Like VPNFilter, Cyclops Blink is capable of injecting new functionality into infected computers, causing IT chaos.


When the Kremlin-backed hackers released NotPetya in 2017, it caused untold indiscriminate economic damage in 64 countries. Maersk, the world’s largest shipping line, was forced to shut its network for 2 weeks, the paralysis costing an estimated $300 million. FedEx lost $400 million when the virus infected TNT Express’s computers and its European shipments were paralyzed. Will Cyclops Blink do the same? The experts think so. They are also convinced that Russian hackers will target UK, US and European companies in retaliation for the economic sanctions that they have imposed. An attack of this magnitude would cripple global supply chains still reeling in the aftermath of the pandemic. Vespucci Maritime CEO, Lars Jensen, warned of the knock-on effects of the current military confrontation and said:

“Currently there is zero buffer capacity in container shipping, so a similar cyber-attack could have a devastating effect on global supply chains.”


Worried about the Sandworm masterminds and their spawn, Cyclops Blink? You don’t need to be. I have more than 20 years of experience in professional business IT. I specialize in cybersecurity and risk mitigation. We can work together to develop a robust cybersecurity strategy to protect your data and your IT network 24/7. Contact me now to find out how.
