HiatusRAT Accesses Data From US Military Websites
BlackLotus Labs Sheds LIght on HiatusRat Actor
Recent cyber threats have shed light on a troubling pattern. Malware has been detected exploiting vulnerabilities in edge routers, a technique that has allowed unauthorized access to data from publicly accessible U.S. military websites.
This revelation comes as a result of investigative efforts by Black Lotus Labs, a prominent cybersecurity research entity.
Known as HiatusRAT, first came under the spotlight in March when Black Lotus Labs reported on its existence. Despite the exposure, the threat actors behind this exploit have persisted in their campaign. In a concerning turn of events, the malware was found in June to be actively targeting military systems and those affiliated with organizations in Taiwan.
While the initial activities appeared to be reconnaissance, the HiatusRAT exploit has the potential to escalate to more intrusive actions. Specifically, it can empower threat actors to monitor both machines and networks, as well as intercept router traffic.
Though the targeted systems in this recent HiatusRAT operation are outward-facing, experts at Black Lotus Labs propose a broader objective for the attackers.
Beyond capturing unclassified documents related to defense acquisition, there is speculation that the threat group seeks information pertaining to Defense Industrial Base companies that engage with the system. This data could be used for future targeting endeavors.
The latest version of the malware, dating back to July 2022, has left its footprint not only in Latin America and Europe but also in conjunction with activities against a U.S. military server and entities in Taiwan. In a broader strategic context, the alignment of the campaign's targets with the goals of CCP. However, no concrete evidence has been released publicly on the malware's source