Skip to content

WatchGuard Support Alert

Detection and Remediation for Cyclops Blink State-Sponsored Botnet

This is a critical security alert for WatchGuard partners that requires immediate action for your customers under management with WatchGuard firewalls.

Working closely with the FBI, CISA, DOJ, and NCSC1, WatchGuard has investigated and developed a remediation for Cyclops Blink, a sophisticated state-sponsored botnet, that may have affected a limited number of WatchGuard firewall appliances. WatchGuard partners can eliminate the potential threat posed by malicious activity from the botnet by immediately enacting WatchGuard’s 4-Step Cyclops Blink Diagnosis and Remediation Plan. It is critical that all appliances, whether infected or not, upgrade to the latest version of Fireware OS.

Remediation steps are only necessary if you have an infected appliance; however, the future protection steps and upgrades are applicable to all.

Visit to review and enact the 4-Step Cyclops Blink Diagnosis and Remediation Plan now.

Our corporate blog post includes additional information about the botnet, and our KB article details the detection, remediation, and prevention steps for all Firebox models. As always, our Support Team is available to help answer any questions.


Your WatchGuard Team

Previous article End of Life for WatchGuard Firebox Products - Upgrade now!
Next article WatchGuard: Five Cybersecurity New Year’s Resolutions You Can Achieve Today!

More WatchGuard News Posts