
CyberWire Daily
No rest for the wicked HiatusRAT. [Research Saturday]
Podcast summary created with Snipd AI
Quick takeaways
- The HiatusRAT malware campaign targeted older routers and focused on networks of interest for strategic intelligence, aligning with China's interests.
- To defend against router-based intrusions, organizations should use secure protocols for email traffic, regularly monitor and update their routers, and implement analytics and logging to detect abnormal data transfers.
Deep dives
Router-based intrusions pose a significant threat
Researchers have been investigating router-based intrusions as a lesser-known security threat that can bypass firewalls and EDR solutions. Routers serve as critical choke points: a compromised router gives an attacker a view of the network traffic passing through it and a foothold from which an organization's security can be undermined. This research focuses on the HiatusRAT malware campaign, which targeted a range of networks, including IT service providers, MSSPs, and municipal-level government organizations, aligning with the strategic interests of China. The campaign primarily targeted older DrayTek Vigor routers, which were end of life but still active on the internet. The malware employed two primary binaries: a variant of tcpdump to capture packets and a custom Trojan called HiatusRAT for remote access and control.