New: Threat Exposure Validation Impact Report 2025
Learn More
Join our Summer Webinar Series on Threat Exposure Validation
Register Now
Come meet us at Black Hat USA 2025 | Booth 1640
Book a Meeting

HiatusRAT Targets SOHO Routers

March 23, 2023

Business grade routers are being infected with the HiatusRAT Remote Access Trojan a variant of tcpdump to perform packing capturing and a bash script deployed post-exploitation. The malicious software opens a listener on port 8816 and sends sensitive information to command-and-control servers. Data collected includes system network and file information as well as information about the running processes on the infected device.