Malware, Threat Intelligence

US military, Taiwan orgs targeted by reemerging HiatusRAT malware

The threat operation behind the HiatusRAT malware has launched new reconnaissance attacks against a U.S. Department of Defense server involved in defense contracts, as well as against Taiwan-based semiconductor and chemical firms, The Hacker News reports. The malware has reemerged months after a cyberespionage campaign against European and Latin American organizations that involved the exploitation of business-grade routers. In the latest campaign, which commenced in mid-June, threat actors have leveraged ready-made HiatusRAT binaries for Arm, x86-64, Intel 80386, MIPS, MIPS64, and i386 architectures, according to a report from Lumen's Black Lotus Labs. Further investigation revealed the presence of payload and reconnaissance servers in the infrastructure of HiatusRAT, which had more than 91% of inbound connections originating from Taiwan. Ruckus edge devices have also been a primary target of the new attacks. "Despite prior disclosures of tools and capabilities, the threat actor took the most minor of steps to swap out existing payload servers and carried on with their operations, without even attempting to re-configure their C2 infrastructure," said researchers.
