"Cuttlefish Malware Targets Routers, Harvests Cloud Authentication Data"

Lumen's Black Lotus Labs discovered a new malware platform called "Cuttlefish" that targets enterprise-grade and Small Office/Home Office (SOHO) routers and collects public cloud authentication data from Internet traffic. Cuttlefish steals authentication material from web requests that transit the router from the adjacent Local Area Network (LAN). Researchers warn that attackers can hijack DNS and HTTP connections to private IP spaces. Black Lotus Labs found code overlaps between Cuttlefish and "HiatusRat," a Chinese hacking group that targeted US military networks and organizations in Europe. This article continues to discuss findings regarding the Cuttlefish malware platform.

SecurityWeek reports "Cuttlefish Malware Targets Routers, Harvests Cloud Authentication Data"

Submitted by grigby1

Submitted by Gregory Rigby on