Despite security teams' efforts to shield networks from Cuttlefish, the malware discovered in April 2023, the threat resurfaced and infected 600 new IP addresses between October 2023 and April 2024.
Lumen Technologies has documented in detail how the malware campaign called “Cuttlefish” is executed.
On the other side, it is unsettling what sophisticated tools are required to enter a small-business router or home network stealthily, and then to move from one infected device on the local network to another by exploiting their vulnerabilities.
Many stories are published about zero-day attacks (for example, the iOS update Apple issued in March 2024, after attackers used a flaw right after it was discovered and before it was fixed). Zero-click attacks are rarer, but this trend seems to demonstrate how dangerous this class of vulnerability is.
The designation zero-click refers to a type of successful exploitation, a subset of cyberattacks that execute without any involvement from the victim. In this case, Cuttlefish burrows into the system and is able to run on it without the user having to click a malicious link or open a corrupted file. This is what Cuttlefish is good at: achieving an infection that evades the host's defense mechanisms, which usually depend on some action by the user. Consequently it can do this without the victim knowing or recognizing the attack.
A zero-click approach like this exposes sensitive information in a more serious and subtle way, leaving no warning signs or trace before the damage is done.
Cuttlefish is the most recent attack vector of this kind, using modular malware that complicates the command-and-control picture by acting as a form of DNS and HTTP hijack.
“This malware is modular, which means that it can be used to steal from web requests that are sent through a managed network (communication between two networks) and which then go to the adjacent LAN,” indicates the report by Lumen Technologies' “Black Lotus Labs” team.
The Cuttlefish worm is described as modular because it comprises several independent components, and changing one of them does not disrupt the others.
This modular architecture lets the attackers tailor the attack to their particular objectives and to the conditions of the victim network.
Cuttlefish can be said to perform both DNS hijacking and HTTP hijacking, because its designers deliberately built it with modules for intercepting and altering network traffic.
The malware's attacks occur at the network layer: for example, re-routing DNS queries to servers controlled by the attackers, or intercepting HTTP web traffic in order to inject malicious content.
Besides, Cuttlefish usually targets private IP addresses, which are used for connections inside closed networks such as offices or educational facilities where personal information is transmitted. This implies that the adversary prefers to fly under the radar and maintain a long-term presence in the network it appears in.
Targeting private IP addresses thus lets Cuttlefish reach data and systems in a way that does not look like passive probing of the corporate network, while in fact widening the scope of the attack without arousing suspicion.
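The two behaviours described above, redirection of DNS to attacker-controlled resolvers and interception of HTTP traffic toward private addresses, are things a network owner can look for in router telemetry. The following is an added defender-side example, not code from Lumen, Black Lotus Labs or the Cuttlefish report. It assumes a router exposes its configured upstream resolvers and a simple `key=value` flow log; the trusted resolver list, the RFC 1918 check and every address and log line are constructed for illustration.

```python
"""Triage of router telemetry for Cuttlefish-style DNS and HTTP hijacking.

Added example; not the malware's code and not the Lumen report's tooling.
All resolver addresses and flow records are constructed (documentation-range
and RFC 1918 addresses only).
"""
import ipaddress
from dataclasses import dataclass

# Assumption: the upstream resolvers the router *should* use. A resolver
# outside this set is the simplest sign of DNS hijacking at the router.
TRUSTED_RESOLVERS = {"192.0.2.53", "198.51.100.53"}

# Ports on which traffic is assumed to be unencrypted HTTP.
PLAINTEXT_HTTP_PORTS = {80, 8080}

# Explicit RFC 1918 ranges (rather than ipaddress.is_private, which also
# matches documentation ranges like 203.0.113.0/24).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Finding:
    kind: str     # "dns_hijack" or "plaintext_private_auth"
    detail: str


def check_resolvers(configured_resolvers):
    """Return one finding per configured resolver that is not trusted."""
    return [
        Finding("dns_hijack", f"router points at unexpected resolver {r}")
        for r in configured_resolvers
        if r not in TRUSTED_RESOLVERS
    ]


def parse_flow(line):
    """Parse one constructed 'key=value ...' flow record into a dict."""
    fields = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def is_private(address):
    """True only for RFC 1918 addresses; malformed input is treated as public."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


def check_flows(lines):
    """Flag plaintext HTTP flows to private destinations that carry credentials.

    These are the flows a router-resident interceptor can read and alter, so
    each finding is an exposure to close (move the service to TLS, or keep the
    credential off the router path). The private-address filter mirrors the
    targeting described in the text; broaden it if you want every plaintext
    credential reported.
    """
    findings = []
    for line in lines:
        flow = parse_flow(line)
        dst_host, _, dst_port = flow.get("dst", "").rpartition(":")
        if not dst_host or not dst_port.isdigit():
            continue  # skip records without a usable host:port
        if int(dst_port) not in PLAINTEXT_HTTP_PORTS:
            continue  # encrypted or non-HTTP port
        if not is_private(dst_host):
            continue  # outside the private ranges the text describes
        if flow.get("auth", "none") == "none":
            continue  # no credential in the clear
        findings.append(Finding(
            "plaintext_private_auth",
            f"{flow.get('src')} -> {dst_host}:{dst_port} {flow.get('method')} "
            f"{flow.get('path')} carries {flow['auth']} credentials in the clear",
        ))
    return findings


# Constructed sample telemetry: the second resolver is unexpected; flows 1 and
# 4 are plaintext private-destination requests with credentials.
SAMPLE_RESOLVERS = ["192.0.2.53", "203.0.113.9"]
SAMPLE_FLOWS = [
    "ts=2024-04-02T10:15:03Z src=192.168.1.20 dst=10.0.0.5:80 method=POST path=/login auth=basic",
    "ts=2024-04-02T10:15:04Z src=192.168.1.20 dst=10.0.0.5:443 method=POST path=/login auth=bearer",
    "ts=2024-04-02T10:15:05Z src=192.168.1.21 dst=203.0.113.7:80 method=GET path=/ auth=basic",
    "ts=2024-04-02T10:15:06Z src=192.168.1.22 dst=172.16.4.9:8080 method=GET path=/api auth=bearer",
]


if __name__ == "__main__":
    for f in check_resolvers(SAMPLE_RESOLVERS) + check_flows(SAMPLE_FLOWS):
        print(f"[{f.kind}] {f.detail}")
```

Run stand-alone it prints one `dns_hijack` finding and two `plaintext_private_auth` findings; the HTTPS flow and the flow to a non-private address are ignored. In practice the resolver list would come from the router's configuration export and the flows from its netflow or firewall log, and a resolver change at a router that nobody reconfigured is the point to start an incident review.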
Like its namesake, the malware relies on camouflage, mimicry and silent precision before it strikes, much as a hunting cuttlefish does.