Cyclops Blink is malicious Linux ELF executable, compiled for the 32-bit PowerPC (big endian) architecture.
It targeted routers and firewall devices from WatchGuard and ASUS and adds them to a botnet for command and control (C&C).
[1] Infection is through an exploit with the code CVE-2022-23176, which allows a privilege escalation to obtain management ability on the device.
[2] After a device has been infected, it acts as a command and control server, and its software design allows for further modules to be installed and be resilient to firmware upgrades.
Cyclops Blink was first reported on in February of 2022 after security advisories published by the United Kingdom's National Cybersecurity Centre (NCSC) and the United States' Cybersecurity and Infrastructure Security Agency (CISA) detailed its presence in the wild.