Threat actor targeted DOD contracting website
Malware leveraging flaws in edge routers has been observed siphoning data from public-facing U.S. military websites, according to a recent blog post from Black Lotus Labs.
The cyber research firm first reported on the malware, dubbed HiatusRAT, in March. The threat group behind it continued its campaign despite public exposure.
In June, the malware was observed targeting military systems as well as those associated with organizations based in Taiwan. Researchers characterized these efforts as reconnaissance, but HiatusRAT can also be highly invasive, allowing threat actors to monitor targeted machines and networks and capture router traffic. While the contracting systems targeted in this recent HiatusRAT campaign are public facing, researchers at Black Lotus Labs theorize that the threat actor is looking not only to capture unclassified documents on defense acquisition but also to obtain information on Defense Industrial Base companies that interact with the system, "potentially for subsequent targeting."