Hiatus Hacking Campaign Targets DrayTek Vigor Routers to Steal Data

Threat Level – Red | Vulnerability Report
Download PDF

A malware campaign called “Hiatus” that targets business-grade routers, specifically DrayTek Vigor models 2960 and 3900 running an i386 architecture. The campaign started in July 2022 and is ongoing, the campaign deploys two malicious binaries: HiatusRAT, a Remote Access Trojan, and a variant of tcpdump that enables packet capture.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox