HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack
The threat actors behind the HiatusRAT malware have returned from their hiatus with a new wave of reconnaissance and targeting activity aimed at Taiwan-based organizations and a U.S. military procurement system.
Besides recompiling malware samples for different architectures, the artifacts are said to have been hosted on new virtual private servers, Lumen Black Lotus Labs said in a report published last week.
Targets included commercial firms, such as semiconductor and chemical manufacturers, and at least one municipal government organization in Taiwan as well as a U.S. Department of Defense server associated with submitting and retrieving proposals for defense contracts.
A telemetry analysis to determine connections made to the server hosting the malware has revealed that "Over 91% of the inbound connections stemmed from Taiwan, and there appeared to be a preference for Ruckus-manufactured edge devices."
The HiatusRAT infrastructure consists of payload and reconnaissance servers, which directly communicate with the victim networks.
These servers are commandeered by Tier 1 servers, which, in turn, are operated and managed by Tier 2 servers.
News URL
https://thehackernews.com/2023/08/hiatusrat-malware-resurfaces-taiwan.html