Cyber Threat Intel - HiatusRAT

The HiatusRAT malware threat actors have resurfaced and begun performing reconnaissance and targeting activity on US Military and Taiwan-based organizations. Current targets consist of semiconductor and chemical manufacturers in addition to US DOD servers associated to defense contracts. 

HiatusRAT was first discovered by security researchers in early 2023 where they identified exploitation of business grade routers used to gain information on victims primarily located in Latin America and Europe. These victims were used to create a global proxy network for passive traffic collection and Command and Control (C2) activity. 

The threat actors have been identified using the following source addresses to carry out attacks. 

207.246.80[.]240 and 45.63.70[.]57

The current end goal of these threat actors is still unclear, but Terminal Brew recommends searching for any activity regarding these IOCs on your networks and putting blocks in place where necessary.

For a more details about HiatusRAT malware check out this article by The Hacker News. 

https://thehackernews.com/2023/08/hiatusrat-malware-resurfaces-taiwan.html