A new wave of spying and targeting activities has been launched by the threat actors responsible for the HiatusRAT malware against Taiwanese firms and a U.S. military procurement system.
The artifacts are also alleged to have been hosted on new virtual private servers (VPSs), according to a report released last week by Lumen Black Lotus Labs.
According to the cybersecurity company, the activity cluster is “brazen” and “one of the most audacious,” showing no indications of slowing down. The threat actors’ identities and places of origin are not yet known.
HiatusRAT
HiatusRAT was initially exposed by the cybersecurity firm in March 2023 as having targeted business-grade routers as part of a campaign that started in July 2022 to discreetly spy on victims, who were mostly located in Latin America and Europe.
Globally, up to 100 edge networking devices were infected with malware that allowed the operators to passively collect traffic and turn the devices into a command-and-control (C2) infrastructure proxy network.
The hackers connected to the DoD server on June 13 for almost two hours using two separate IP addresses: 207.246.80[.]240 and 45.63.70[.]57, according to the information available. An estimated 11 MB of bi-directional data was exchanged during that time.
Although the ultimate objective is unclear, it is believed that the adversary may have been searching for publicly accessible information about current and upcoming military contracts in order to target them in the future.
Despite prior exposures of tools and capabilities, the threat actor “took the most minimal of steps to swap out existing payload servers and carried on with their operations, without even trying to re-configure their C2 infrastructure,” the company claimed.