Cuttlefish Malware Hijacks Routers to Steal Cloud Data; Enterprises at Risk
May 1, 2024
Black Lotus Labs has detected 'Cuttlefish', a sophisticated malware targeting enterprise and SOHO routers to harvest cloud authentication credentials.
Cuttlefish has a modular design and has been active since July 27, 2023; its recent campaign ran from October 2023 to April 2024.
The malware targets cloud services like Alicloud, AWS, and CloudFlare, and it is capable of DNS and HTTP hijacking to reroute private network traffic.
Stolen data is logged and sent to a command-and-control server, jeopardizing cloud resources that lack traditional security measures.
Cuttlefish is possibly linked to Chinese threat actors and shares interests with HiatusRat, suggesting a coordinated cyber threat landscape.
To mitigate risks, organizations should strengthen credentials, encrypt traffic, and secure interfaces, and users should update and maintain router security.
Summary based on 4 sources
Sources
BleepingComputer • Apr 30, 2024
New Cuttlefish malware infects routers to monitor traffic for credentials
Dark Reading • May 1, 2024
'Cuttlefish' Zero-Click Malware Steals Private Cloud Data
SecurityWeek • May 1, 2024
Cuttlefish Malware Targets Routers, Harvests Cloud Authentication Data
Security Affairs • May 1, 2024
Cuttlefish targets enterprise-grade SOHO routers