Carding
China's new tactic of revealing rival secrets and espionage.
Black Lotus Labs, the threat research division of Lumen Technologies, detected the resumption of activity of the HiatusRAT malware in June of this year. While previously the targets were organizations in Latin America and Europe, now the activity is focused on Taiwanese organizations and US military resources.
According to a report by the US National Intelligence Directorate (ODNI), the activity of HiatusRAT is consistent with China's geopolitical interests, which makes the threat even more significant in the context of global cybersecurity. The Black Lotus Labs team has locked down new Command and Control (C2) servers and integrated compromise indicators into their rapid threat detection and response systems.
Initially, it was claimed that the malicious campaign was aimed primarily at DrayTek Vigor 2960 and 3900 router models that had reached End of Life (EoL), i.e. whose vendor support period had expired. As of mid-February 2023, about 100 devices connected to the Internet were compromised. Affected industry verticals include pharmaceuticals, IT services and municipal governments, among others.
HiatusRAT has extensive capabilities and can collect information about the router, running processes, and communicate with a remote C2 server to receive files or execute arbitrary commands.
Lumen Technologies has already taken a number of measures to neutralize the threat, including the use of integrated solutions based on Secure Access Service Edge (SASE). Experts recommend using modern cryptographic protocols, including SSL and TLS, to ensure the security of data transmitted over the network.
For users with their own routers, it is extremely important to regularly update the software and monitor the status of their devices. It is unacceptable to use devices with discontinued support from manufacturers – this opens up additional vectors for hacker attacks.
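The post mentions two defender-side steps: integrating compromise indicators into detection systems, and refusing to run routers that are past End of Life. The script below is an added example (not from the post, nor from Lumen or Black Lotus Labs) that does both over constructed data: it flags inventory entries whose model is one of the EoL DrayTek Vigor models named above, and matches outbound flows from routers against a C2 indicator list. The inventory, the flow log lines and the indicator list are all made up for the example; the indicator addresses are placeholders from the RFC 5737 documentation ranges (192.0.2.0/24, 203.0.113.0/24), not real HiatusRAT infrastructure, which the post does not give.

```python
"""
Added example, not code from the post or from Black Lotus Labs.

  1. Flag routers in an asset inventory whose model is End of Life
     (the post names DrayTek Vigor 2960 and 3900).
  2. Match outbound connections from inventoried routers against a
     C2 indicator list.

All data below is constructed. Indicator addresses are RFC 5737
documentation-space placeholders, not real HiatusRAT C2 addresses.
"""
from dataclasses import dataclass
import ipaddress
import re

# Models the post reports as EoL; extend from the vendor's lifecycle page.
EOL_MODELS = {"DrayTek Vigor 2960", "DrayTek Vigor 3900"}

# Placeholder C2 indicators (constructed, RFC 5737 documentation space).
C2_INDICATORS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("203.0.113.5/32"),
]

# Constructed router inventory: management IP -> model.
INVENTORY = {
    "10.0.0.1": "DrayTek Vigor 2960",
    "10.0.0.2": "DrayTek Vigor 3910",
    "10.0.0.3": "DrayTek Vigor 3900",
}

# Constructed flow records in a simple "ts src dst dport proto" layout.
FLOW_LOG = """\
2023-06-14T10:01:02Z 10.0.0.1 203.0.113.5 443 tcp
2023-06-14T10:01:05Z 10.0.0.2 198.51.100.20 53 udp
2023-06-14T10:02:11Z 10.0.0.3 192.0.2.77 8443 tcp
2023-06-14T10:03:40Z 10.0.0.1 198.51.100.9 123 udp
"""

FLOW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\S+)$")


@dataclass(frozen=True)
class Alert:
    router: str   # management IP of the router the alert concerns
    model: str    # model from the inventory
    reason: str   # "eol-model" or "c2-contact"
    detail: str   # human-readable context


def eol_routers(inventory):
    """Return management IPs of routers whose model is on the EoL list."""
    return sorted(ip for ip, model in inventory.items() if model in EOL_MODELS)


def is_c2(dst):
    """True if dst falls inside any configured indicator network."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in C2_INDICATORS)


def triage(inventory, flow_log):
    """Produce alerts for EoL routers and for router egress to C2 indicators."""
    alerts = []
    for ip in eol_routers(inventory):
        alerts.append(Alert(ip, inventory[ip], "eol-model",
                            "unsupported model, no vendor patches"))
    for line in flow_log.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than fail
        ts, src, dst, dport, proto = m.groups()
        # Only flows originating from a known router are of interest here.
        if src in inventory and is_c2(dst):
            alerts.append(Alert(src, inventory[src], "c2-contact",
                                f"{ts} {proto}/{dport} -> {dst}"))
    return alerts


if __name__ == "__main__":
    for a in triage(INVENTORY, FLOW_LOG):
        print(f"{a.reason:10} {a.router:10} {a.model:20} {a.detail}")
```

In practice the indicator list would be loaded from a feed and the flow log read from a collector; the matching logic stays the same. Flagging EoL models separately from C2 contact is deliberate: an unsupported router is a finding on its own, whether or not it has been seen talking to known bad infrastructure.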