Hiatus Hacking Campaign Targets DrayTek Vigor Routers to Steal Data
Threat Level
Attack Report
Follow Hive Pro for a detailed threat advisory; download the PDF file here from HiveForce Labs.
Summary
A malware campaign called “Hiatus” targets business-grade routers, specifically DrayTek Vigor models 2960 and 3900 running an i386 architecture. The campaign started in July 2022 and is ongoing. It deploys two malicious binaries: HiatusRAT, a Remote Access Trojan, and a variant of tcpdump that enables packet capture.