
Enterprise SOHO routers subjected to Cuttlefish malware attacks


Security Affairs reports that the novel Cuttlefish malware was deployed against enterprise-grade small office/home office (SOHO) routers between October 2023 and April 2024 to exfiltrate public cloud authentication credentials.

Most of the routers compromised in the intrusions were located in Turkey, but clients of a global satellite phone provider and a U.S.-based data center may also have been affected, according to a report from Lumen Technologies' Black Lotus Labs.

Like the China-linked HiatusRAT malware, Cuttlefish not only enables HTTP and DNS hijacking of connections to private IP addresses but also interacts with other devices on the LAN to transfer data and deploy additional agents, the report revealed. The malware has primarily targeted credentials for Amazon Web Services, Cloudflare, BitBucket, and other public cloud-based services.

"Cuttlefish represents the latest evolution in passive eavesdropping malware for edge networking equipment, allowing an actor to adapt and overcome the TLS configurations adopted by more modern enterprises," said researchers.
