HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack
The threat actors behind the HiatusRAT malware have returned from their hiatus with a new wave of reconnaissance and targeting activity aimed at Taiwan-based organizations and a U.S. military procurement system.
Besides recompiling malware samples for different architectures, the artifacts are said to have been hosted on new virtual private servers, Lumen Black Lotus Labs said in a report published last week.
Targets included commercial firms, such as semiconductor and chemical manufacturers, and at least one municipal government organization in Taiwan as well as a U.S. Department of Defense server associated with submitting and retrieving proposals for defense contracts.
A telemetry analysis of connections made to the server hosting the malware revealed that "over 91% of the inbound connections stemmed from Taiwan, and there appeared to be a preference for Ruckus-manufactured edge devices."
The HiatusRAT infrastructure consists of payload and reconnaissance servers, which directly communicate with the victim networks.
These servers are commandeered by Tier 1 servers, which, in turn, are operated and managed by Tier 2 servers.
News URL
https://thehackernews.com/2023/08/hiatusrat-malware-resurfaces-taiwan.html