The Hiatus campaign is using a new malware called HiatusRAT to target business-grade routers that support VPN connections for remote workers. The RAT steals data from victims and builds a covert proxy network, capturing network traffic including email content, credentials, and file content. At least one hundred businesses across Europe, North America, and South America have been infected since July 2022.
Subscribe below to read why Orpheus’ analysts expect that threat actors experiencing success with this method will continue to exploit remote working conditions for intelligence collection operations.