Cuttlefish Malware Hijacks Routers to Steal Cloud Data; Enterprises at Risk

May 2, 2024
  • Black Lotus Labs has detected 'Cuttlefish', a sophisticated malware targeting enterprise and SOHO routers to harvest cloud authentication credentials.

  • Cuttlefish has a modular design and has been active since July 27, 2023; its recent campaign ran from October 2023 to April 2024.

  • The malware targets cloud services such as Alicloud, AWS, and Cloudflare, and is capable of DNS and HTTP hijacking to reroute private network traffic.

  • Stolen data is logged and sent to a command-and-control server, jeopardizing cloud resources that lack traditional security measures.

  • Cuttlefish is possibly linked to Chinese threat actors and shares interests with HiatusRAT, suggesting a coordinated cyber threat landscape.

  • To mitigate risks, organizations should strengthen credentials, encrypt traffic, and secure interfaces; users should update their routers and maintain router security.

Summary based on 4 sources

