HiatusRAT Malware Campaign's New Targets Are US Government Systems
In a new HiatusRAT malware campaign, attackers have targeted a U.S. Department of Defense server in a reconnaissance attack, marking a change from previous targets in Latin America and Europe. Previously, they aimed at compromising DrayTek Vigor VPN routers used by medium-sized businesses. The campaign's course shifted unexpectedly between mid-June and August, when a U.S. military procurement system and Taiwanese organizations became targets. HiatusRAT samples were adapted for various architectures and hosted on newly obtained virtual private servers (VPSs). One of these VPS nodes transferred data with a U.S. military server used for contract proposals. This implies that the attackers might be after publicly available information about military requirements or looking for organizations affiliated with the Defense Industrial Base (DIB). Lumen's Black Lotus Labs suggested, "The actor seems to be searching for publicly accessible resources related to ongoing and future military contracts, possibly aiming to identify organizations associated with the Defense Industrial Base (DIB) for potential future targeting."