Cyclops Blink is malicious Linux ELF executable, compiled for the 32-bit PowerPC (big endian) architecture. It targeted routers and firewall devices from WatchGuard and ASUS and adds them to a botnet for command and control (C&C). The malware is reported to be originated from the hacker group Sandworm.[1]
Infection is through an exploit with the code CVE-2022-23176, which allows a privilege escalation to obtain management ability on the device.[2] After a device has been infected, it acts as a command and control server, and its software design allows for further modules to be installed and be resilient to firmware upgrades.