IoT, Malware, Threat Intelligence, Network Security

Vulnerable webcams, DVRs subjected to HiatusRAT intrusions

The FBI has noted that attacks with the HiatusRAT malware have been launched since March against outdated, internet-exposed web cameras and DVRs, particularly those manufactured by Hikvision and Xiongmai, BleepingComputer reports.

Threat actors began scanning for vulnerable online webcams and DVRs in the U.S., Canada, Australia, New Zealand, and the UK that were affected by the CVE-2017-7921, CVE-2018-9995, CVE-2020-25078, CVE-2021-33044, and CVE-2021-36260 flaws or that used default passwords, with the devices later compromised through the open-source authentication brute-force tool Medusa, according to the FBI.

The FBI has recommended immediate isolation of the affected devices and called on cybersecurity professionals and system admins to promptly report suspected indicators of compromise.

The development comes after HiatusRAT, which Lumen researchers initially discovered being used for additional payload delivery, was leveraged to establish an obscured proxy network consisting of DrayTek Vigor VPN routers across the Americas and Europe.
