The FBI has noted that attacks with the HiatusRAT malware have been launched against outdated internet-exposed web cameras and DVRs, particularly those manufactured by Hikvision and Xiongmai, since March, BleepingComputer reports.
According to the FBI, threat actors began scanning for online webcams and DVRs in the U.S., Canada, Australia, New Zealand, and the UK that were impacted by the CVE-2017-7921, CVE-2018-9995, CVE-2020-25078, CVE-2021-33044, and CVE-2021-36260 flaws or still used default passwords. The devices were later compromised through the open-source authentication brute-force tool Medusa. The FBI has recommended immediate isolation of the affected devices and called on cybersecurity professionals and system admins to promptly report suspected indicators of compromise. The development comes after HiatusRAT, which was initially discovered by Lumen researchers to have been used for additional payload delivery, was leveraged to establish an obscured proxy network consisting of DrayTek Vigor VPN routers across the Americas and Europe.