HiatusRAT malware reemerges in a new campaign

August 25, 2023

The HiatusRAT developers have ended their hiatus by creating a new cybercriminal operation that infects various industries. Based on reports, the attackers launched their new campaign a couple of months ago and persisted until now.

The attacks have targeted different Taiwanese organisations and the procurement system used by the United States military.

The researchers stated that the TTPs used by the malware operators differ from those of their previous attacks, which targeted Latin America and Europe. That earlier campaign compromised about 100 edge networking devices to harvest traffic and discreetly operate them as a covert command-and-control network.


The HiatusRAT malware has appeared in multiple versions for the past three months.


According to investigations, the HiatusRAT malware has newly compiled versions that have appeared in the cybercriminal landscape for the past three months. The researchers observed prebuilt binaries that target new architectures.

The re-emerged HiatusRAT infrastructure is now hosted on multiple newly procured VPS servers. Additionally, more than 91% of the inbound connections to the infectious files originated from Taiwan.

Further investigation revealed that semiconductor manufacturers and municipal government entities were the most affected organisations. Some researchers also claimed that the actors’ primary objective is to gather intelligence regarding military contracts.

The attackers’ brazenness is evident: they have disregarded the previous public disclosures against them and made only minimal changes to their payload servers. This shows why organisations should fortify their defences, since a malware campaign can reuse an already exposed attack process and still achieve its objectives.

Furthermore, the attackers have transitioned to a more strategic campaign, shifting their targets from Chinese-based operations to United States-based entities.

Fortunately, the IOCs for this campaign are available, so experts advise organisations to leverage that information to mitigate the re-emerging threat. Threat analysts also recommend that organisations rely on the latest cryptographic protocols, like TLS and SSL, to protect data while monitoring for the campaign’s infrastructure and tactics.

Individuals who manage their own routers should follow the recommended practices: review their networks regularly, reboot their routers, and apply security updates to prevent infection by attacks such as this one.
