2024-12-20
The Federal Bureau of Investigation (FBI) has issued a stern warning about the increasing threat posed by the Hiatus remote access trojan (RAT) malware. This malicious software has been actively targeting Chinese-branded web cameras and DVRs, particularly those manufactured by Xiongmai and Hikvision.
The FBI advises users to limit the use of such devices and to isolate them from their primary networks to minimize potential risks. The agency’s Private Industry Notification highlighted a recent scanning campaign conducted by HiatusRAT actors in March 2024, targeting IoT devices across the US, Australia, Canada, New Zealand, and the UK.
The latest iteration of HiatusRAT, which has been in operation since 2022, has been observed targeting a wide range of organizations, including those based in Taiwan. Cybersecurity firms have also detected its use in reconnaissance activities against a US government server involved in defense contract proposals.
The attackers have been exploiting known vulnerabilities in these devices, including:
CVE-2017-7921
CVE-2018-9995
CVE-2020-25078
CVE-2021-33044
CVE-2021-36260
Additionally, they have targeted devices with weak, vendor-supplied passwords. For vulnerabilities without available security patches, the FBI recommends replacing affected devices with actively supported models.
The attackers have employed tools like Ingram and Medusa to conduct their malicious activities. Ingram is a webcam-scanning tool used to identify vulnerable devices, while Medusa is a brute-force authentication cracking tool used to compromise devices with weak passwords.
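The FBI recommendations summarized above (isolate devices from the primary network, replace devices that have no patch, stop using vendor-supplied passwords) can be applied as a triage pass over a device inventory. The following is an added example, not part of the original report or the FBI notification; the CSV column names, segment labels and sample devices are constructed assumptions.

```python
import csv
import io

# CVEs named in the article as exploited by HiatusRAT actors.
HIATUS_CVES = {"CVE-2017-7921", "CVE-2018-9995", "CVE-2020-25078",
               "CVE-2021-33044", "CVE-2021-36260"}

# Constructed sample inventory; columns and segment names are assumptions.
# scanner_cves holds ';'-separated findings from a vulnerability scanner.
SAMPLE_INVENTORY = """\
name,vendor,segment,default_password,patch_available,scanner_cves
lobby-cam,Hikvision,corp,no,yes,CVE-2021-36260
dock-dvr,Xiongmai,corp,yes,no,CVE-2018-9995
gate-cam,Hikvision,iot,no,yes,
lab-cam,ExampleCam,iot,yes,yes,cve-2017-7921
"""

def triage(inventory_csv, isolated_segments=("iot",)):
    """Return {device name: [actions]} for devices that need attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        # Normalize scanner output so case and spacing do not hide a match.
        cves = {c.strip().upper() for c in row["scanner_cves"].split(";") if c.strip()}
        listed = sorted(cves & HIATUS_CVES)
        actions = []
        if listed and row["patch_available"].strip().lower() != "yes":
            # No fix available: the advice is to replace with a supported model.
            actions.append("replace: no patch for " + ", ".join(listed))
        elif listed:
            actions.append("patch: " + ", ".join(listed))
        if row["default_password"].strip().lower() == "yes":
            actions.append("change vendor-supplied password")
        if row["segment"].strip().lower() not in isolated_segments:
            actions.append("move off primary network")
        if actions:
            findings[row["name"]] = actions
    return findings

if __name__ == "__main__":
    for name, actions in triage(SAMPLE_INVENTORY).items():
        print(name)
        for action in actions:
            print("  -", action)
```
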
What Undercode Says:
The
Organizations should also consider implementing network segmentation to isolate IoT devices from critical systems. This can help limit the potential damage if a device is compromised. Additionally, using network security tools like firewalls and intrusion detection systems can help identify and block malicious activity.
It’s crucial to recognize that IoT devices are increasingly becoming targets for cyberattacks. By following best practices and staying informed about emerging threats, organizations can significantly reduce their risk of falling victim to these attacks.
References:
Reported By: Infosecurity-magazine.com