HiatusRAT has been targeting business-grade routers to covertly spy on victims since July 2022
DENVER, March 6, 2023 /PRNewswire/ -- For the second time in nine months, Black Lotus Labs® – the threat research team at Lumen Technologies (NYSE: LUMN) – has uncovered a complex new malware campaign that has been exploiting compromised routers. The latest research delves into a complex, never-before-seen campaign called "Hiatus," which has been targeting business-grade routers since June 2022. It comes on the heels of the team's other recent discovery – a novel malware called ZuoRAT – which targeted SOHO (small office/home office) routers. Black Lotus Labs does not currently believe the two campaigns are related.
The industries targeted in the Hiatus campaign include pharmaceuticals as well as IT services and consulting firms. Researchers suspect the IT firms were chosen to give the threat actor downstream access to the victims' customers' environments.
Read the full research report: New HiatusRAT router malware covertly spies on victims
"The rise of hybrid work has led to increased dependency on relatively low-cost routers that enable VPN access – especially for many small- and medium-sized businesses," said Mark Dehus, director of threat intelligence for Lumen Black Lotus Labs. "These devices typically live outside the traditional security perimeter, which means they usually are not monitored or updated. This helps the actor establish and maintain long-term persistence without detection."
HiatusRAT research findings:
Dehus continued, "The discovery of Hiatus confirms that actors are continuing to pursue router exploitation. These campaigns demonstrate the need to secure the router ecosystem, and routers should be regularly monitored, rebooted, and updated, while end-of-life devices should be replaced."
Black Lotus Labs' response:
Recommendations:
Additional Resources:
About Lumen Technologies:
Lumen is guided by our belief that humanity is at its best when technology advances the way we live and work. With approximately 400,000 route fiber miles and serving customers in more than 60 countries, we deliver the fastest, most secure platform for applications and data to help businesses, government and communities deliver amazing experiences. Learn more about the Lumen network, edge cloud, security, communication and collaboration solutions and our purpose to further human progress through technology at news.lumen.com/home, LinkedIn: /lumentechnologies, Twitter: @lumentechco, Facebook: /lumentechnologies, Instagram: @lumentechnologies and YouTube: /lumentechnologies. Lumen and Lumen Technologies are registered trademarks in the United States.
SOURCE Lumen Black Lotus Labs