Hiatus Hacking Campaign Targets DrayTek Vigor Routers to Steal Data


Threat Level
Attack Report

Follow Hive Pro for a detailed threat advisory; the PDF file is available for download from HiveForce Labs.

Summary

“Hiatus” is a malware campaign that targets business-grade routers, specifically DrayTek Vigor models 2960 and 3900 running an i386 architecture. The campaign started in July 2022 and is ongoing. It deploys two malicious binaries: HiatusRAT, a Remote Access Trojan, and a variant of tcpdump that enables packet capture.