CyberWire Daily

No rest for the wicked HiatusRAT. [Research Saturday]

Oct 28, 2023

Danny Adamitis, Lumen's Black Lotus Labs researcher, discusses the HiatusRAT malware targeting business-grade routers. The research reveals a shift in targeting towards a US military procurement system and Taiwan-based organizations, aligning with the strategic interest of the People's Republic of China. The podcast also highlights the importance of replacing legacy SIMs, securing data through Microsoft's mission innovation, upgrading end-of-life routers, and monitoring and updating old hardware devices in cybersecurity.

23:01

Creator website

Episode guests

Danny Adamitis

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The Hiatus Rat malware campaign targeted older routers and focused on networks of interest for strategic intelligence, aligning with China's interests.

To defend against router-based intrusions, organizations should use secure protocols for email traffic and regularly monitor and update their routers while implementing analytics and logging for detecting abnormal data transfers.

Deep dives

Router-based intrusions pose a significant threat

Researchers have been investigating router-based intrusions as a lesser-known security threat that can bypass firewalls and EDR solutions. Routers can serve as critical choke points, providing access to network traffic and potentially compromising organizations' security. This research focuses on the Hiatus Rat malware campaign, which targeted a range of networks, including IT service providers, MSSPs, and municipal level government organizations, aligning with the strategic interests of China. The campaign primarily targeted older DreTech Weiger routers, which were end of life but still active on the internet. The malware employed two primary binaries, including a variant of TCP dump to capture packets and a custom Trojan called HIDIS RAT for remote access and control.

Introduction

2min

Research on Hiatus Rat Malware Sample

7min

Microsoft's mission innovation and securing data, upgrading end-of-life routers

2min

Monitoring and Updating Old Hardware Devices in Cybersecurity

9min

No Rest for the Wicked: Haidis RAT takes little time off in a return to action

2min

Danny Adamitis from Lumen's Black Lotus Labs sits down to discuss their work on "No Rest For The Wicked: HiatusRAT Takes Little Time Off In A Return To Action." Last March Lumen's Black Lotus Lab researchers discovered a novel malware called HiatusRAT that targeted business-grade routers.

The research states "In the latest campaign, we observed a shift in reconnaissance and targeting activity; in June we observed reconnaissance against a U.S. military procurement system, and targeting of Taiwan-based organizations." This shift in information gathering and targeting preference exhibited in the latest campaign is synonymous with the strategic interest of the People’s Republic of China according to the 2023 ODNI threat assessment.

The research can be found here: