Satellite Providers

HiatusRAT Malware Returns with New Wave of Attacks Targeting Taiwan and US Military System

The HiatusRAT malware, previously known for targeting business-grade routers, has resurfaced with a fresh wave of attacks aimed at organizations in Taiwan and a US military procurement system. Cybersecurity firm Lumen Black Lotus Labs recently reported that the threat actors behind the malware had recompiled the samples for different architectures and hosted them on new virtual private servers (VPSs). This audacious activity shows no signs of slowing down, although the identity and origin of the threat actors remain unknown.

Among the targets of this latest campaign are semiconductor and chemical manufacturers, a municipal government organization in Taiwan, and a US Department of Defense (DoD) server involved in defense contract proposals. The HiatusRAT malware, which initially emerged in July 2022, had primarily focused on spying on victims in Latin America and Europe before these new attacks.

The recent attacks, observed from mid-June through August 2023, used HiatusRAT binaries built specifically for different processor architectures. Telemetry analysis revealed that a majority of the inbound connections to the malware's server came from Taiwan, and the actors appeared to prefer Ruckus-manufactured edge devices.

The HiatusRAT infrastructure includes payload and reconnaissance servers that communicate directly with the victim networks. These servers are controlled by Tier 1 servers, which, in turn, are managed by Tier 2 servers.

While the exact motives of the threat actors behind HiatusRAT remain unclear, it is suspected that they may be seeking publicly available information related to current and future military contracts. It is worth noting that the targeting of perimeter assets, such as routers, has become a pattern recently, with threat actors associated with China exploiting security flaws in unpatched Fortinet and SonicWall appliances to establish long-term persistence within target environments.

Despite previous disclosures of this malware’s capabilities, the threat actors have made only minor changes to their payload servers, indicating a lack of concern for reconfiguring their command-and-control (C2) infrastructure. This persistence and audacity demonstrate the need for robust cybersecurity measures and proactive defenses to protect against evolving threats like HiatusRAT.

The post HiatusRAT Malware Returns with New Wave of Attacks Targeting Taiwan and US Military System appeared first on satProviders.
