New HiatusRAT Malware Campaign Targets Business Routers
A new malware campaign is targeting small business routers to steal data.
A new malware campaign, known as ‘Hiatus’, is targeting small business routers to steal data and spy on victims.
New ‘Hiatus’ Malware Campaign Attacks Business Routers
A new malware campaign, dubbed ‘Hiatus’, is targeting small business routers using HiatusRAT malware.
On March 6, 2023, research firm Lumen published a blog post discussing this malicious campaign. In the Lumen blog post, it was stated that ‘Lumen Black Lotus Labs® identified another, never-before-seen campaign involving compromised routers.’
HiatusRAT is a type of malware known as a Remote Access Trojan (RAT). Remote Access Trojans are used by cybercriminals to gain remote access and control of a targeted device. The most recent version of the HiatusRAT malware seems to have been in use since July 2022.
In the Lumen blog post, it was also stated that ‘HiatusRAT allows the threat actor to remotely interact with the system, and it utilizes prebuilt functionality – some of which is highly unusual – to convert the compromised machine into a covert proxy for the threat actor.’
Using the ‘tcpdump’ command-line utility, HiatusRAT can capture the network traffic passing over the targeted router, allowing the theft of data. Lumen also speculated that the operators behind this attack aim to set up a covert proxy network.
HiatusRAT Is Targeting Specific Kinds of Routers
The HiatusRAT malware is being used to attack end-of-life DrayTek Vigor VPN routers, specifically the 2690 and 3900 models running an i386 architecture. These are high-bandwidth routers used by businesses to give remote workers VPN support.
These router models are commonly used by small-to-mid-sized business owners, who are at particular risk of being targeted in this campaign. At the time of writing, researchers do not know how these DrayTek Vigor routers were infiltrated.
Over 4,000 machines were found to be vulnerable to this malware campaign in mid-February, meaning many businesses are still at risk of attack.
Attackers Are Only Targeting a Few DrayTek Routers
Of all the DrayTek 2690 and 3900 routers connected to the internet today, Lumen reported an infection rate of just 2 percent.
This indicates that the malicious operators are attempting to keep their digital footprint to a minimum to limit exposure and evade detection. Lumen suggested in the aforementioned blog post that attackers are also using this tactic to ‘maintain critical points of presence.’
HiatusRAT Poses an Ongoing Risk
At the time of writing, HiatusRAT poses a risk to many small businesses, with thousands of routers still being exposed to this malware. Time will tell just how many DrayTek routers are successfully targeted in this malicious campaign.
Reference: https://www.makeuseof.com/new-hiatusrat-malware-targets-business-routers/