New Case Study: Credit Union Boosts Secops With Continuous Testing
Learn More
New Research: Broken Attestation in Windows Admin Center
Learn More
Whitepaper: An Inside Look at the Technology Behind Cymulate
Learn More
New Integration Partnership with WIZ!
Learn More
Book a Demo
Book a Demo

HiatusRAT Targets SOHO Routers

March 23, 2023

Business grade routers are being infected with the HiatusRAT Remote Access Trojan a variant of tcpdump to perform packing capturing and a bash script deployed post-exploitation. The malicious software opens a listener on port 8816 and sends sensitive information to command-and-control servers. Data collected includes system network and file information as well as information about the running processes on the infected device.

Featured Resources

View More Resources
image
blog

Validating Cloud Threat Detection with Wiz Defend and Cymulate

Cymulate-Wiz integration enables proven cloud threat detection by simulating real attacks and verifying Wiz Defend.

Read More
image
blog

Kerberos Authentication Relay Via CNAME Abuse 

A breakdown of Kerberos authentication relay using CNAME abuse and mitigation considerations.

Read More
image
blog

CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center 

A subtle Azure SSO token validation flaw allowed attackers to escalate privileges and move laterally across WAC-managed systems.

Read More