Security News > 2023 > March > New Hiatus malware campaign targets routers

As previously exposed, routers might be used by threat actors as efficient locations to plant malware, often for cyberespionage.

Lumen's Black Lotus Labs has exposed new malware targeting routers in a campaign named Hiatus by the researchers.

The Hiatus campaign primarily targets DrayTek Vigor router models 2960 and 3900, which run an i386 architecture.

These routers are mostly used by medium-size companies, as the router capabilities support a few hundred of employees' VPN connections.

Figure A. As reported by the researchers, approximately 2,700 DrayTek Vigor 2960 routers and 1,400 DrayTek Vigor 3900 routers are connected to the internet.

The infection of only approximately 100 of those routers makes the campaign small and difficult to detect; the fact that only 100 routers out of thousands are impacted emphasizes the possibility that the threat actor is only aiming at particular targets and not interested in larger targeting.

News URL

https://www.techrepublic.com/article/hiatus-malware-campaign-targets-routers/