Source |
Techworm |
Identifier |
8630524 |
Publication date |
2024-12-17 15:16:10 (viewed: 2024-12-27 09:08:19) |
Title |
FBI Warns Of HiatusRAT Malware Targeting Web Cams & Other IoT Devices |
Text |
The U.S. Federal Bureau of Investigation (FBI) issued a Private Industry Notification (PIN) on Monday, alerting organizations to a new wave of HiatusRAT malware attacks against Chinese-branded web cameras and DVRs.
“HiatusRAT is a Remote Access Trojan (RAT) whose latest iteration has likely been employed since July 2022. Malicious cyber actors commonly use RATs to take over and control a targeted device from a distance,” the FBI said.
“The Hiatus campaign originally targeted outdated network edge devices. Cybersecurity companies have also observed these actors using the malware to target a range of Taiwan-based organizations and to carry out reconnaissance against a US government server used for submitting and retrieving defense contract proposals.”
The scanning campaign, first identified in March 2024, targeted vulnerable Internet of Things (IoT) devices, specifically web cameras and DVRs, in countries including the United States, Australia, Canada, New Zealand, and the United Kingdom.
According to the FBI, the threat actors behind the HiatusRAT malware scanned web cameras and DVRs for vulnerabilities including CVE-2017-7921, CVE-2018-9995, CVE-2020-25078, CVE-2021-33044, CVE-2021-36260, alongside weak vendor-supplied passwords. Many of these vulnerabilities remain unaddressed by the vendors.
Further, the threat actors particularly targeted outdated or unpatched Chinese-branded products with telnet access, such as Hikvision and Xiongmai devices.
Ingram, an open-source scanner for web camera vulnerabilities, was used to conduct the scanning activity, while Medusa, an open-source brute-force authentication cracking tool, was used to target Hikvision cameras with telnet access.
The malware’s scanning efforts targeted web cameras and DVRs with TCP ports 23, 26, 554, 2323, 567, 5523, 8080, 9530, and 56575 exposed to the Internet.
Once infiltrated, compromised systems are converted into SOCKS5 proxies, facilitating covert communication with command-and-control servers and enabling further malware deployment.
Following successful HiatusRAT malware attacks, the FBI strongly advises network administrators to limit the use of the devices mentioned in the PIN by isolating and/or replacing vulnerable devices to prevent network breaches and lateral movement.
The agency has also urged system administrators and cybersecurity professionals to monitor for indications of compromise (IOC) and report any suspicious activity to the FBI's Internet Crime Complaint Center or local field offices.
|
Rating |
★★
|
Sent |
Yes |
Tags |
Malware
Tool
Vulnerability
Threat
|
Stories |
|
Move |
|