
“HiatusRAT” Malware Resurfaces, Targets US Military and Taiwanese Entities


By Esme Greene

Sep 12, 2023

A sudden surge in the malicious activity of the “HiatusRAT” malware has been observed by Black Lotus Labs, Lumen Technologies’ threat research division. While past targets were largely concentrated in Latin America and Europe, the malware’s recent activities have honed in on organizations in Taiwan and assets of the U.S. military.

The U.S. Directorate of National Intelligence (ODNI) has drawn links between the heightened HiatusRAT activity and China’s geopolitical ambitions, underscoring the criticality of the situation in the broader global cybersecurity landscape. To tackle this threat head-on, the Black Lotus Labs team has swiftly neutralized the newly identified Command and Control (C2) servers. They’ve also integrated the discovered indicators of compromise into their swift threat detection and response mechanisms.

Tracing the malware’s early stages, the campaign was reportedly zeroing in on DrayTek Vigor’s End of Life (EoL) router models, specifically the 2960 and 3900 variants. By the middle of February 2023, around 100 Internet-connected devices fell prey to the attack. The compromised sectors encompass a range of industries, from pharmaceuticals and IT services to local municipalities.

The capabilities of HiatusRAT are not to be underestimated. It can collect detailed information about the router and its running processes, and it can connect to a remote C2 server to retrieve files or execute arbitrary commands.

In response to this threat, Lumen Technologies has bolstered its own defenses, drawing on solutions built around the Secure Access Service Edge (SASE) framework. Experts are also urging the adoption of cryptographic transport protocols, including SSL and TLS, to protect data in transit across the network.

For individuals who maintain personal routers, vigilance is key: apply firmware updates regularly and check the device's health closely. Continuing to rely on devices the vendor no longer supports is a serious mistake, as it can offer attackers an easy entry point.


Esme Greene

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.