Cyber Security

Threat actor targeted DOD contracting website

Malware leveraging flaws in edge routers has been spying on military contracting websites, according to research from Lumen’s Black Lotus Labs.

Malware leveraging flaws in edge routers has been observed siphoning data from public-facing U.S. military websites, according to a recent blog post from Black Lotus Labs.

The cyber research firm first reported on the exploit, dubbed HiatusRAT, in March. The threat group associated with the effort continued its campaign despite public exposure. 

In June, the malware was observed targeting military systems as well as those associated with organizations based in Taiwan. Researchers characterized these efforts as reconnaissance, but the HiatusRAT exploit can also be highly invasive, allowing threat actors to monitor targeted machines and networks and capture router traffic.

While the contracting systems targeted in this recent HiatusRAT campaign are public-facing, researchers at Black Lotus Labs theorize that the threat actor is looking not only to capture unclassified documents on defense acquisition but also to obtain information on Defense Industrial Base companies that interact with the system, “potentially for subsequent targeting.”

The most recent version of the malware dates back to July 2022, according to Black Lotus Labs, and has been observed in Latin America and Europe, in addition to the activity targeting a U.S. military server and Taiwan-based groups.

Black Lotus researchers note that exploits targeting business-grade routers and networking equipment are difficult to combat, in part, because “there currently is no universal mechanism to clean up these devices.” 

The researchers said that the campaign’s targets align with the strategic goals of China as articulated in U.S. intelligence community reports, but the blog post stops short of attributing the current campaign to Chinese groups.

Source: https://www.nextgov.com/cybersecurity/2023/08/threat-actor-targeted-dod-contracting-website/389643/
