The Federal Bureau of Investigation (FBI) has issued a warning about a new cyber campaign that uses the HiatusRAT malware to target vulnerable internet-connected webcams and DVRs. The attacks focus primarily on Chinese-made devices that have not received security updates or have reached end of life.
According to the notification, in March 2024, attackers scanned IoT devices in the USA, Australia, Canada, New Zealand, and Great Britain. The main targets were webcams and DVRs with vulnerabilities such as CVE-2017-7921, CVE-2018-9995, CVE-2020-25078, CVE-2021-33044, CVE-2021-36260, and weak passwords set by manufacturers.
The hackers are actively targeting devices from the Hikvision and Xiongmai brands, gaining access via Telnet. They use tools such as Ingram to identify webcam vulnerabilities and Medusa to obtain authentication data. The cybercriminals are focusing on devices with TCP ports such as 23, 26, 554, 2323, 567, 5523, 8080, 9530, and 56575 exposed to the internet.
The FBI is advising users to limit the usage of these devices or isolate them from the network to prevent further attacks. System administrators and cybersecurity experts are urged to report any suspicious activity to the FBI’s Internet Complaint Center (IC3) or local FBI offices.
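To decide which devices on your own network need that isolation first, the following added example (not part of the FBI notification or the original article) parses Nmap grepable output from a scan of your own address space and flags hosts exposing the TCP ports listed above. The sample scan lines, host names and function names are constructed for illustration.

```python
# TCP ports the article lists as targeted in the HiatusRAT campaign.
TARGETED_PORTS = {23, 26, 554, 2323, 567, 5523, 8080, 9530, 56575}

# Constructed sample of `nmap -oG` output from scanning one's own network.
SAMPLE_SCAN = """\
# Nmap scan of internal camera VLAN (constructed sample)
Host: 192.0.2.10 (lobby-cam)\tStatus: Up
Host: 192.0.2.10 (lobby-cam)\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///, 554/open/tcp//rtsp///
Host: 192.0.2.11 (dvr-01)\tPorts: 9530/open/tcp//unknown///, 8080/filtered/tcp//http-proxy///
Host: 192.0.2.12 (printer)\tPorts: 443/open/tcp//https///, 9100/open/tcp//jetdirect///
Host: 192.0.2.13 (yard-cam)\tPorts: 2323/open/tcp//telnet///, 56575/open/udp/////
"""

def exposed_targets(grepable_text):
    """Map host -> [(port, is_telnet)] for open TCP ports on the targeted list."""
    findings = {}
    for line in grepable_text.splitlines():
        if not line.startswith("Host: "):
            continue  # comments and blank lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports = next((f for f in fields if f.startswith("Ports: ")), None)
        if ports is None:
            continue  # status-only line
        for entry in ports[len("Ports: "):].split(", "):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            parts = entry.strip().split("/")
            if len(parts) < 5 or not parts[0].isdigit():
                continue  # malformed entry
            port, state, proto, service = int(parts[0]), parts[1], parts[2], parts[4]
            if state == "open" and proto == "tcp" and port in TARGETED_PORTS:
                is_telnet = service == "telnet" or port == 23
                findings.setdefault(host, []).append((port, is_telnet))
    return findings

def triage(findings):
    """Order hosts so those with a reachable Telnet listener come first."""
    rows = [(host, sorted(p for p, _ in hits), any(t for _, t in hits))
            for host, hits in findings.items()]
    return sorted(rows, key=lambda r: (not r[2], r[0]))

if __name__ == "__main__":
    for host, ports, telnet in triage(exposed_targets(SAMPLE_SCAN)):
        note = "Telnet reachable, isolate first" if telnet else "review exposure"
        print(f"{host}: ports {ports} ({note})")
```

Filtered ports and UDP entries are skipped, so the result reflects only TCP services that actually answered the scan.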
This new campaign follows a series of previous attacks, including one targeting DrayTek Vigor routers that compromised over a hundred companies in North America, Europe, and South America. The HiatusRAT malware has been used to establish a covert proxy network on compromised devices.
Experts at Lumen, who uncovered HiatusRAT, have observed that its primary objective is to distribute additional malware and convert hacked devices into SOCKS5 proxies to communicate with C2 servers. The shift in attack priorities and information gathering aligns with the strategic interests of China.