
Lumen Black Lotus Labs Reveals HiatusRAT Malware is Back and Targeting Taiwan and U.S.A. Military Websites


Black Lotus Labs – the threat intelligence arm of Lumen Technologies (NYSE: LUMN) – discovered a complex campaign in March 2023 called "HiatusRAT" that infected business-grade routers globally. Continuous monitoring of HiatusRAT reveals the threat actors are back and using the malware to target Taiwanese organizations and research U.S. military websites.

"Black Lotus Labs' role is to keep the internet safe, so consumers and businesses stay safe," said Mark Dehus, director of threat intelligence at Lumen Black Lotus Labs. "Sophisticated threat actors, especially those sponsored by nation states, are exploiting edge routers and similar devices. They use malware like HiatusRAT to discreetly gain access to these devices and covertly run their espionage and criminal networks without the device owners' knowledge. It's a warning that businesses must act now to avoid their infrastructure becoming part of adversaries' ongoing operations."

What businesses and consumers should consider

  • Lumen implemented countermeasures to help protect customers from this threat and disrupt its operations.
  • Businesses using comprehensive Secure Access Service Edge (SASE) or similar solutions that use VPN-based access can protect data and bolster their security posture.
  • Enabling the latest cryptographic protocols can help protect data in transit; consider only using email services which rely upon SSL and TLS.
  • Consumers with self-managed routers should follow best practices and regularly monitor, reboot, and install security updates and patches. End-of-life devices should be replaced with vendor-supported models to ensure patching against known vulnerabilities.

Be Concerned

In the past year alone, Black Lotus Labs discovered three malware campaigns that utilized compromised business-grade and small office/home office (SOHO) routers, and the infosec industry has observed activity against several verticals by China-based actors.

Latest HiatusRAT findings and Black Lotus Labs response

  • Initial HiatusRAT reporting showed the threat actor was targeting organizations in Latin America and Europe. Beginning in June 2023, however, the group's focus shifted.
  • The entities targeted in the latest campaign are consistent with the strategic interest of the People's Republic of China, according to a 2023 ODNI threat assessment.
  • Black Lotus Labs has null-routed the new Hiatus command and control (C2) servers across the Lumen global backbone. The team also added the Indicators of Compromise (IoCs) from this campaign into Rapid Threat Defense® – the automated threat detection and response capability that fuels Lumen's security product portfolio by blocking threats before they reach the customer's network.


You can read about Black Lotus Labs' initial discovery of HiatusRAT.

SOURCE Lumen Black Lotus Labs via PRNewswire
