New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials
May 02, 2024
Cyber Espionage / Network Security
A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily monitoring all traffic through the devices and gathering authentication data from HTTP GET and POST requests.

"This malware is modular, designed primarily to steal authentication material found in web requests that transit the router from the adjacent local area network (LAN)," the Black Lotus Labs team at Lumen Technologies said in a report published today. "A secondary function gives it the capacity to perform both DNS and HTTP hijacking for connections to private IP space, associated with communications on an internal network."

There is source code evidence suggesting overlaps with another previously known activity cluster called HiatusRAT, although no shared victimology has been observed to date. It's said that these two operations are running concurrently.

Cuttlefish has been active since at least J...