There is a new malware campaign targeting business-grade routers. It is called Hiatus, a complex operation that deploys the HiatusRAT malware. It is a kind of Remote Access Trojan (RAT) that cybercriminals use to gain remote control over a target system.

Hiatus is the first of its kind. Lumen's security experts say it has been around since July 2022 and is still active. It gives business owners another reason to tighten cybersecurity. To help you protect your organization, here's everything you need to know about the malicious campaign.

How Does the Hiatus Campaign Work?

The Hiatus campaign uses three components, namely a bash script, HiatusRAT, and a tcpdump variant. The threat actor will breach the target device and deploy the bash script. That will download and trigger the HiatusRAT. Next, the malware will steal the following: network data, system data, process data, and file system data.

The HiatusRAT malware will maintain communication with the C2 server. That way, the threat actor can keep watch over the target network. The bash script will also set up a packet-capturing program to monitor activity in TCP ports. The data there is unencrypted, so it is easy for hackers to steal.

Who Is the Hiatus Campaign Targeting?

The Hiatus campaign targets DayTrek Vigor VPN routers nearing the end of their lives. These are the 3900 and 2690 models with the i386 architecture. Businesses use these high-bandwidth routers to provide VPN support to their remote employees.

Small to medium-sized companies are the common users of these routers, so they are at high risk for attack. As of February, researchers said around 4,000 machines are vulnerable. They suspect the threat actors are spying on their targets and building a proxy network. The affected regions include Europe and North and South America.

However, the attackers are keeping a low profile to avoid detection. Out of all the routers they can attack, they have only breached 2%. That's around a hundred compromised routers. The strategy also allows them to focus on the most critical profiles.

The Bottom Line

The HiatusRAT malware can harvest all kinds of data and communicate with remote servers. The Hiatus campaign is ongoing, and no one knows how many it will victimize. That is why business owners should not let their guard down. Not only can you lose money and intellectual property in a data breach, but you will also break your customers' trust. Invest in your organization's security before it is too late.

 

If this tip helps and you would like to donate click on the button. Thanks In Advance

________________________________________________________________________________________________________

"Fortune Favors, Who Value Time over Money!"

"TeQ I.Q. was the 1st IT Company to Deliver Cloud Solutions since 2003"
Tech issues taking up your Time?
"TeQ I.Q. Makes Your Technology Secure and Protected"
Do you have Tech Frustrations like your Computer, Internet, Phone, Cellphone, Camera, TV, Car?

    "Afraid of Online Hacking?"

"SECURE your Internet and Devices with before it's too late!"

For more info go to https://www.teqiq.com/vpn/

"We Take Away Your Tech Frustrations and Give You the Free Time You Deserve!"
Call Robert to ask all your Technology questions.

For Free Consultation Call Now Robert Black at (619) 255-4180 or visit our website https://www.teqiq.com/

Chase Bank and Others Trust TeQ I.Q. with their IT and TeQnology so can you!

Used with permission from Article Aggregator