The HiatusRAT malware has re-emerged from its slumber to prove how resilient it is by targeting multiple organizations in Taiwan and the US.
As with most malware which is deemed successful in terms of its longevity, the threat actors launching HiatusRAT have ensured that it’s more powerful than ever. And, to strengthen its attack, they have redesigned it to escape detection. So far, the majority of the organizations targeted by this latest version of HiatusRAT have been based in Taiwan, but at least one US-based military system has also been attacked. And, with HiatusRAT seemingly operating at full throttle, it’s likely to spread even further.
Due to the potential danger contained within HiatusRAT, we’re going to take you through how it operates and how you can protect your organization.
The Lowdown on the Latest HiatusRAT Campaign
HiatusRAT was first detected back in March 2023, when it was discovered infecting the routers of various organizations in Europe and North and South America. This attack involved stealing data by hijacking email channels as well as installing a remote-access Trojan (RAT) on infected routers. It was an attack which led to significant data loss, but the malware’s activity soon dropped off. However, during this downtime, HiatusRAT has been refined and reconfigured.
Again, HiatusRAT appears to be targeting routers and similar networking devices. By redesigning HiatusRAT to target ARM and Intel hardware, the threat actors – who are currently unknown – have managed to enhance the potency of their malware. Operating with two types of servers – Tier 1 and Tier 2 – they have been able to use multiple IP addresses to transmit data to remote sources. As the attack has targeted at least one military system, it’s suspected that there may be a nation-state involved with the attack. However, as of now, security researchers have been unable to pinpoint the true motives outside of data theft.
Protecting Your Organization from HiatusRAT
You may not run an organization in the military industry, but RAT-based malware doesn’t tend to discriminate. Therefore, you need to be on your guard against HiatusRAT and other similar attacks. Remaining vigilant is crucial, and you can strengthen this vigilance by practicing the following:
- Always install updates: many malware attacks are the result of an unpatched vulnerability giving threat actors free access to your IT systems. This means that installing updates, for every piece of software and hardware you use, is vital. It may feel like a time-consuming task in the short-term, but ultimately it could save your organization from data breaches and significant disruption.
- Monitor network activity: HiatusRAT was observed to be transmitting data to a remote server for around two hours, and this is why monitoring network activity is so important. Occasionally, there can be a surge in network activity, but this is most often related to identifiable reasons and directed towards known destinations. However, anything out of the ordinary – such as unusual destinations and IP addresses – should immediately be investigated.
- Educate your employees: one of the surest ways for malware to breach your IT infrastructure is through your employees. This means that strong IT induction programs need to be implemented and regular refresher courses conducted to solidify this knowledge.
For more ways to secure and optimize your business technology, contact your local IT professionals.
