Cyber Security Alert for Local Agency Traffic Control Devices

Some traffic control devices may be vulnerable to malware called “Cyclops Blink” (CB), which is designed to exploit devices running Linux OS on a PowerPC. The malware code is not specifically targeted at transportation agencies, but many roadside devices can be affected by it. One example is the early-generation Advanced Traffic Controller (ATC), which uses Linux OS on a PowerPC microprocessor.

Local Planning Agencies should consider identifying whether they have susceptible devices and contacting the relevant manufacturers to see whether the weakness can be mitigated. This information will be important to any agency operating devices that use a Linux operating system on a PowerPC microprocessor.

The Institute of Transportation Engineers (ITE) has forwarded and highlighted this information to manufacturers supplying roadside devices to our State, Local, Tribal, and Territorial (SLTT) colleagues. We recommend that our SLTT colleagues contact their equipment suppliers to determine whether their operational systems can be affected and to obtain recommendations for any mitigations to reduce the possibility of an incident from this malware.

The following information on CB malware is provided by the Cybersecurity and Infrastructure Security Agency (CISA). An in-depth technical analysis from Government Communications Headquarters (GCHQ) is also available.

This is additional information only, and SLTT agencies are not expected to respond to CISA:
https://www.cisa.gov/uscert/ncas/alerts/aa22-054a

GCHQ detailed analysis regarding CB malware:
https://www.ncsc.gov.uk/files/Cyclops-Blink-Malware-Analysis-Report.pdf

Please contact:
Edward Fok, FHWA Transportation Technologies Specialist – Operations TST
Phone: 415-744-4848
Email: edward.fok@dot.gov
