
The threat actors behind the HiatusRAT malware have returned from their hiatus with a new wave of reconnaissance and targeting activity aimed at Taiwan-based organizations and a U.S. military procurement system.
Besides recompiling malware samples for different architectures, the threat actors are said to have hosted the artifacts on new virtual private servers, Lumen Black Lotus Labs said in a report published last week.
Targets included commercial firms, such as semiconductor and chemical manufacturers, and at least one municipal government organization in Taiwan as well as a U.S. Department of Defense server associated with submitting and retrieving proposals for defense contracts.
A telemetry analysis to determine connections made to the server hosting the malware has revealed that "Over 91% of the inbound connections stemmed from Taiwan, and there appeared to be a preference for Ruckus-manufactured edge devices."
The HiatusRAT infrastructure consists of payload and reconnaissance servers, which directly communicate with the victim networks.
These servers are commandeered by Tier 1 servers, which, in turn, are operated and managed by Tier 2 servers.
News URL: https://thehackernews.com/2023/08/hiatusrat-malware-resurfaces-taiwan.html