The FBI has recently issued a Private Industry Notification (PIN) alerting the public about the emergence of new malware campaigns that target Chinese-branded web cameras and DVRs. These campaigns utilize a remote access trojan (RAT) known as HiatusRAT, which enables cybercriminals to gain remote access to compromised devices.
Since at least July 2022, HiatusRAT has been evolving and has been utilized by hackers to infiltrate outdated network devices, Taiwanese organizations, and even a US government server. Past campaigns involving HiatusRAT have primarily focused on edge routers to passively collect traffic and operate as a covert command-and-control network. However, more recent campaigns in March 2024 have shifted their focus to webcams and DVRs in countries such as the US, Canada, UK, Australia, and New Zealand.
Hackers are exploiting security vulnerabilities in devices from manufacturers like Hikvision and D-Link, as these vendors have not addressed critical flaws such as CVE-2017-7921 (Hikvision cameras), CVE-2020-25078 (D-Link devices), CVE-2018-9995, CVE-2021-33044, and CVE-2021-36260, among others. These vulnerabilities are being leveraged to target devices with telnet access, a known insecure remote access protocol, and to conduct brute-force attacks. Cybercriminals have specifically targeted Xiongmai and Hikvision devices with telnet access using scanning tools like Ingram and Medusa.
In response to the escalating threat posed by these HiatusRAT campaigns, the FBI recommends that companies take proactive measures to mitigate the risk. These measures include isolating vulnerable devices from networks, implementing multi-factor authentication, enforcing strong password policies, and promptly updating firmware and software to address known vulnerabilities.
Former federal critical infrastructure official Sonu Shankar is collaborating with Chief Information Security Officers (CISOs) to address the growing threat landscape posed by these malware campaigns. By working together, cybersecurity experts and industry professionals can enhance their defenses against sophisticated cyber threats like HiatusRAT and protect critical infrastructure from potential attacks.
Overall, the FBI’s alert underscores the importance of remaining vigilant against evolving cyber threats and highlights the critical need for proactive cybersecurity measures to safeguard network devices and sensitive information from malicious actors. By staying informed and implementing recommended best practices, organizations can strengthen their cybersecurity posture and defend against emerging threats in the digital landscape.