Cyber Threat Intel - HiatusRAT

Cyber Threat Intel - HiatusRAT - Terminal Brew
User 3301

The HiatusRAT malware threat actors have resurfaced and begun performing reconnaissance and targeting activity on US Military and Taiwan-based organizations. Current targets consist of semiconductor and chemical manufacturers in addition to US DOD servers associated to defense contracts. 

HiatusRAT was first discovered by security researchers in early 2023 where they identified exploitation of business grade routers used to gain information on victims primarily located in Latin America and Europe. These victims were used to create a global proxy network for passive traffic collection and Command and Control (C2) activity. 

The threat actors have been identified using the following source addresses to carry out attacks. 

207.246.80[.]240 and 45.63.70[.]57

The current end goal of these threat actors is still unclear, but Terminal Brew recommends searching for any activity regarding these IOCs on your networks and putting blocks in place where necessary.

 

For a more details about HiatusRAT malware check out this article by The Hacker News. 

https://thehackernews.com/2023/08/hiatusrat-malware-resurfaces-taiwan.html 

Related posts

  • New Backdoor targeting Apple MacOS (RustDoor) - Terminal Brew

    New Backdoor targeting Apple MacOS (RustDoor)

    New Backdoor targeting Apple MacOS (RustDoor)
  • Sandman APT - Terminal Brew

    Sandman APT

    Researchers recently discovered that the APT group Sandman, known for it's targeting of telecommunications companies, has been directly associated to a Chinese based backdoor (KEYPLUG). 
  • Apple Zero Click Spyware - Terminal Brew

    Apple Zero Click Spyware

    Apple zero-click iMessage exploit allows an attacker to infect iPhones with spyware without any interaction from the end user.