"New HiatusRAT Malware Targets Business-Grade Routers to Covertly Spy on Victims"

Since at least July 2022, previously unseen malware has been targeting business-grade routers to eavesdrop on victims in Latin America, Europe, and North America. The campaign, dubbed Hiatus by Lumen Black Lotus Labs, distributes two malicious binaries: a Remote Access Trojan (RAT) named HiatusRAT and a variant of tcpdump that enables packet capture on the target device. Once a targeted system is infected with HiatusRAT, the threat actor can communicate with it remotely and use it as a covert proxy. The packet-capture binary allows the actor to monitor router traffic on ports related to email and file-transfer communications. As of mid-February 2023, the threat cluster predominantly targets end-of-life (EoL) DrayTek Vigor router models 2960 and 3900, with about 100 Internet-accessible devices affected. Impacted industries include pharmaceuticals, Information Technology (IT) services/consulting firms, and municipal government. This article continues to discuss researchers' findings regarding the new HiatusRAT malware.

THN reports "New HiatusRAT Malware Targets Business-Grade Routers to Covertly Spy on Victims"
