Eight Arms to Hold You: The Cuttlefish Malware
Essential information
- Published
- 02/05/2024 13:50
- Modified
- 02/05/2024 14:17
- Tags
- bash cuttlefish hiatusrat hijacking infostealer
- Related entities
- 40 observables, 10 techniques (mitre), 2 malware, 1 others
Description
The Black Lotus Labs team at Lumen Technologies is tracking a malware platform named Cuttlefish, targeting enterprise-grade small office/home office (SOHO) routers. This modular malware primarily steals authentication material from web requests transiting the router. It can also perform DNS and HTTP hijacking for connections to private IP spaces on internal networks. Cuttlefish overlaps with a previously reported activity cluster called HiatusRat, potentially linked to the interests of the People's Republic of China. While there is code overlap, shared victimology has not been observed between these two malware families.