Security News > 2023 > March > New HiatusRAT Malware Targets Business-Grade Routers to Covertly Spy on Victims
A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America at least since July 2022.
Given that the impacted devices are high-bandwidth routers that can simultaneously support hundreds of VPN connections, it's being suspected that the goal is to spy on targets and establish a stealthy proxy network.
HiatusRAT is feature-rich and can harvest router information, running processes, and contact a remote server to fetch files or run arbitrary commands.
The use of compromised routers as proxy infrastructure is likely an attempt to obfuscate the C2 operations, the researchers said.
The findings come more than six months after Lumen Black Lotus Labs also shed light on an unrelated router-focused malware campaign that used a novel trojan called ZuoRAT. "The discovery of Hiatus confirms that actors are continuing to pursue router exploitation," Dehus said.
"These campaigns demonstrate the need to secure the router ecosystem, and routers should be regularly monitored, rebooted, and updated, while end-of-life devices should be replaced."
News URL
https://thehackernews.com/2023/03/new-hiatusrat-malware-targets-business.html