
CyberWire Daily

No rest for the wicked HiatusRAT. [Research Saturday]

Oct 28, 2023
Danny Adamitis, a researcher at Lumen's Black Lotus Labs, discusses the HiatusRAT malware targeting business-grade routers. The research reveals a shift in targeting towards a US military procurement system and Taiwan-based organizations, aligning with the strategic interests of the People's Republic of China. The podcast also highlights the importance of replacing legacy SIMs, securing data through Microsoft's mission innovation, upgrading end-of-life routers, and monitoring and updating old hardware devices.
23:01


Podcast summary created with Snipd AI

Quick takeaways

  • The HiatusRAT malware campaign targeted older routers and focused on networks of interest for strategic intelligence, aligning with China's interests.
  • To defend against router-based intrusions, organizations should use secure protocols for email traffic, regularly monitor and update their routers, and implement analytics and logging that can detect abnormal data transfers.
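The second takeaway calls for analytics and logging that surface abnormal data transfers from routers. The script below is an added example of one such check, not code from the podcast or from Black Lotus Labs: it parses a constructed, made-up flow-log format (date, device, destination IP, bytes out), sums daily egress per router, and flags any day whose outbound volume is both above an absolute floor and several times the median of that router's other days, also listing destinations the router had never talked to before that day. Device names, IP addresses and thresholds are placeholders.

```python
"""Flag abnormal outbound transfer volume per router from flow-style logs.

Constructed example (not from the podcast or Black Lotus Labs). The log
format "date device dst_ip bytes_out" is made up, and the router names,
IPs and thresholds are placeholders chosen for illustration.
"""
from collections import defaultdict
from statistics import median

# Constructed sample records: one line per flow summary.
# edge-rtr-1 shows a sudden large transfer to a never-before-seen host.
SAMPLE_LOG = """\
2023-10-01 edge-rtr-1 203.0.113.10 120000
2023-10-01 edge-rtr-1 203.0.113.11 95000
2023-10-02 edge-rtr-1 203.0.113.10 130000
2023-10-03 edge-rtr-1 203.0.113.12 110000
2023-10-04 edge-rtr-1 203.0.113.10 125000
2023-10-05 edge-rtr-1 198.51.100.7 4800000
2023-10-01 edge-rtr-2 203.0.113.10 80000
2023-10-02 edge-rtr-2 203.0.113.10 82000
2023-10-03 edge-rtr-2 203.0.113.10 79000
2023-10-04 edge-rtr-2 203.0.113.10 85000
2023-10-05 edge-rtr-2 203.0.113.10 81000
"""


def parse_flows(text):
    """Parse 'date device dst bytes' lines into tuples; skip malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        date, device, dst, nbytes = parts
        try:
            flows.append((date, device, dst, int(nbytes)))
        except ValueError:
            continue  # non-numeric byte count: ignore the record
    return flows


def daily_egress(flows):
    """Sum bytes out per (device, date)."""
    totals = defaultdict(int)
    for date, device, _dst, nbytes in flows:
        totals[(device, date)] += nbytes
    return totals


def new_destinations(flows, device, date):
    """Destinations contacted by `device` on `date` not seen on earlier dates."""
    earlier = {d for dt, dev, d, _ in flows if dev == device and dt < date}
    today = {d for dt, dev, d, _ in flows if dev == device and dt == date}
    return sorted(today - earlier)


def find_anomalies(flows, factor=5.0, min_bytes=1_000_000):
    """Return (device, date, bytes, baseline, new_dsts) for each day whose
    egress is at least `min_bytes` and more than `factor` times the median
    of that device's other days. The absolute floor stops tiny routers with
    near-zero baselines from alerting on noise."""
    totals = daily_egress(flows)
    per_device = defaultdict(dict)
    for (device, date), nbytes in totals.items():
        per_device[device][date] = nbytes

    alerts = []
    for device, days in per_device.items():
        for date, nbytes in sorted(days.items()):
            others = [v for d, v in days.items() if d != date]
            if not others:
                continue  # a single day gives no baseline to compare against
            baseline = median(others)
            if nbytes >= min_bytes and nbytes > factor * baseline:
                alerts.append((device, date, nbytes, baseline,
                               new_destinations(flows, device, date)))
    return alerts


if __name__ == "__main__":
    for device, date, nbytes, baseline, new_dsts in find_anomalies(parse_flows(SAMPLE_LOG)):
        print(f"{device} {date}: {nbytes} bytes out (baseline {baseline:.0f}); "
              f"new destinations: {', '.join(new_dsts) or 'none'}")
```

In practice the per-router daily totals would come from NetFlow/IPFIX or firewall logs and the baseline window would be longer than a few days; the point is that a router's egress is cheap to log and to compare against its own history, which is exactly the signal a packet-capture-and-exfiltrate implant produces.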

Deep dives

Router-based intrusions pose a significant threat

Researchers have been investigating router-based intrusions as a lesser-known security threat that can bypass firewalls and EDR solutions. Routers serve as critical choke points: they see all of a network's traffic, so a compromised router can undermine an organization's security. This research focuses on the HiatusRAT malware campaign, which targeted a range of networks, including IT service providers, MSSPs, and municipal-level government organizations, aligning with the strategic interests of China. The campaign primarily targeted older DrayTek Vigor routers, which were end-of-life but still active on the internet. The malware employed two primary binaries: a variant of tcpdump to capture packets and a custom Trojan, HiatusRAT itself, for remote access and control.
