FBI Warns Of HiatusRAT Malware Targeting Web Cams & Other IoT Devices

The U.S. Federal Bureau of Investigation (FBI) issued a Private Industry Notification (PIN) on Monday, alerting organizations to a new wave of HiatusRAT malware attacks against Chinese-branded web cameras and DVRs.

“HiatusRAT is a Remote Access Trojan (RAT) whose latest iteration has likely been employed since July 2022. Malicious cyber actors commonly use RATs to take over and control a targeted device from a distance,” the FBI said.

“The Hiatus campaign originally targeted outdated network edge devices. Cybersecurity companies have also observed these actors using the malware to target a range of Taiwan-based organizations and to carry out reconnaissance against a US government server used for submitting and retrieving defense contract proposals.”

The scanning campaign, first identified in March 2024, targeted vulnerable Internet of Things (IoT) devices, specifically web cameras and DVRs, in countries including the United States, Australia, Canada, New Zealand, and the United Kingdom.

According to the FBI, the threat actors behind the HiatusRAT malware scanned web cameras and DVRs for vulnerabilities including CVE-2017-7921, CVE-2018-9995, CVE-2020-25078, CVE-2021-33044, CVE-2021-36260, alongside weak vendor-supplied passwords. Many of these vulnerabilities remain unaddressed by the vendors.

Further, the threat actors particularly targeted Chinese-branded products such as Hikvision and Xiongmai with telnet access that were outdated or unpatched.

The actors used tools such as Ingram, an open-source scanner for web camera vulnerabilities, to conduct scanning activity, while Medusa, an open-source brute-force authentication cracking tool, was used to target Hikvision cameras with telnet access.

The malware’s scanning efforts targeted web cameras and DVRs that had TCP ports 23, 26, 554, 2323, 567, 5523, 8080, 9530, and 56575 exposed to the Internet.
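For defenders, the port list above can be turned into an exposure check against their own perimeter logs. The following is an added example, not taken from the FBI PIN or the article: the log format, the sample lines, and the `192.168.10.0/24` camera network are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# TCP ports the article lists as scanned in the HiatusRAT campaign.
PIN_PORTS = {23, 26, 554, 2323, 567, 5523, 8080, 9530, 56575}
# Assumption: cameras and DVRs live in this internal range.
INTERNAL_NETS = [ipaddress.ip_network("192.168.10.0/24")]

# Constructed sample firewall log (hypothetical format):
# timestamp src_ip dst_ip dst_port proto action
SAMPLE_LOG = """\
2024-03-11T02:14:07Z 203.0.113.45 192.168.10.21 23 tcp ALLOW
2024-03-11T02:14:09Z 203.0.113.45 192.168.10.21 2323 tcp ALLOW
2024-03-11T02:15:30Z 198.51.100.7 192.168.10.21 23 tcp ALLOW
2024-03-11T02:16:02Z 198.51.100.7 192.168.10.22 9530 tcp DENY
2024-03-11T02:17:44Z 192.168.10.5 192.168.10.22 554 tcp ALLOW
2024-03-11T02:18:10Z 203.0.113.45 192.168.10.30 443 tcp ALLOW
malformed line
2024-03-11T02:20:31Z 203.0.113.99 192.168.10.23 56575 tcp ALLOW
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def find_exposed_devices(log_text):
    """Return {device: {port: [external sources]}} for allowed inbound TCP hits."""
    exposed = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines
        _, src, dst, port, proto, action = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue
        if proto.lower() != "tcp" or action.upper() != "ALLOW":
            continue  # only traffic that actually reached the device
        if port in PIN_PORTS and is_internal(dst_ip) and not is_internal(src_ip):
            exposed[dst][port].add(src)
    return {d: {p: sorted(s) for p, s in ports.items()}
            for d, ports in exposed.items()}

if __name__ == "__main__":
    for device, ports in sorted(find_exposed_devices(SAMPLE_LOG).items()):
        for port, sources in sorted(ports.items()):
            print(f"{device} tcp/{port} reachable from {', '.join(sources)}")
```

Devices that appear in the result are candidates for the isolation or replacement the FBI recommends; denied connections, internal sources, and unlisted ports are deliberately ignored.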

Once infiltrated, compromised systems are converted into SOCKS5 proxies, facilitating covert communication with command-and-control servers and enabling further malware deployment.

Following successful HiatusRAT malware attacks, the FBI strongly advises network administrators to limit the use of the devices mentioned in the PIN by isolating and/or replacing vulnerable devices to prevent network breaches and lateral movement.

The agency has also urged system administrators and cybersecurity professionals to monitor for indications of compromise (IOC) and report any suspicious activity to the FBI’s Internet Crime Complaint Center or local field offices.

Kavita Iyer