Category | Details |
---|---|
Threat Actors | HiatusRAT malware operators. |
Campaign Overview | Targeting Chinese-branded web cameras and DVRs, exploiting outdated devices and leveraging remote access. |
Target Regions/Victims | U.S., Canada, UK, Australia, New Zealand, Taiwanese organizations, and a U.S. government server. |
Methodology | Exploiting unpatched security flaws, brute-forcing access, and using insecure protocols like telnet. |
Product Targeted | Hikvision cameras, D-Link devices, and Xiongmai devices. |
Malware Reference | HiatusRAT, used for device infiltration and creating a covert command-and-control network. |
Tools Used | Ingram (webcam-scanning tool), Medusa (brute-force tool), leveraging telnet access. |
Vulnerabilities Exploited | CVE-2017-7921 (Hikvision), CVE-2020-25078 (D-Link), CVE-2018-9995, CVE-2021-33044, CVE-2021-36260. |
TTPs | Passive traffic collection, command-and-control network creation, brute-forcing, scanning for vulnerabilities. |
Attribution | FBI PIN report links HiatusRAT campaigns to evolving malware operations since 2022. |
Recommendations | Isolate vulnerable devices, patch/update systems promptly, enforce strong password policies, use MFA, and monitor networks. |
Source | Hackread |
Read full article: https://hackread.com/fbi-warns-hiatusrat-malware-targeting-webcams-dvrs/
The above summary has been generated by an AI language model