FBI Warns Of HiatusRAT Targeting Cameras And DVRs
The Federal Bureau of Investigation (FBI) has issued a Private Industry Notification (PIN) to warn against an ongoing malware campaign targeting Chinese-branded web cameras and digital video recorders (DVRs).
In a Rush? Here are the Quick Facts!
- HiatusRAT has been active since July 2022, evolving to target IoT devices.
- The targeted vulnerabilities affect widely used devices, including Hikvision models.
- Vendors have not mitigated some vulnerabilities, leaving devices exposed to attacks.
The malware, known as HiatusRAT, grants attackers remote access to compromised devices, raising significant cybersecurity concerns.
HiatusRAT, a remote access trojan, has been active since July 2022. It was initially employed to exploit outdated edge network devices, enabling malicious actors to collect traffic and establish covert command-and-control networks.
More recently, the malware has been observed targeting Internet of Things (IoT) devices, including web cameras and DVRs.
The FBI notes that these attacks focus on exploiting vulnerabilities in devices produced by Chinese manufacturers such as Xiongmai and Hikvision. Attackers have been scanning for weaknesses like improper authentication, outdated firmware, and weak or default passwords.
Specific vulnerabilities, including CVE-2017-7921 and CVE-2018-9995, have been targeted, allowing attackers to bypass authentication or escalate privileges. The malware campaign has affected devices in the United States, Australia, Canada, New Zealand, and the United Kingdom.
Using tools like Ingram and Medusa, the attackers target services exposed on TCP ports commonly associated with these devices. Despite the critical risks, many of the vulnerabilities remain unpatched by manufacturers, leaving numerous devices exposed to further exploitation.
The FBI has outlined several mitigation strategies to reduce the likelihood and impact of these attacks. Key recommendations include updating device firmware, replacing unsupported models, enforcing strong password policies, and implementing multi-factor authentication.
Organizations are also urged to segment their networks, monitor traffic for abnormal activities, and disable unused remote access ports.
The agency emphasized the importance of timely action, particularly for organizations relying on IoT devices for surveillance or operational purposes. These devices, often critical to infrastructure, are highly susceptible to exploitation if not adequately secured.
The FBI’s warning highlights the broader risks associated with the growing number of connected devices in modern networks. As the threat landscape evolves, the agency calls on the private sector to prioritize cybersecurity best practices to defend against malicious actors leveraging tools like HiatusRAT.