Alert: FBI Warns of Aggressive HiatusRAT Malware Targeting Home Security Devices

FBI Warns of HiatusRAT Malware Targeting IoT Devices

The Federal Bureau of Investigation (FBI) has issued an alert regarding new HiatusRAT malware attacks targeting vulnerable web cameras and DVRs across multiple countries. The campaign, detected in March 2024, primarily affects devices in the United States, Australia, Canada, New Zealand, and the United Kingdom.

The attacks specifically target Chinese-manufactured devices, particularly Hikvision and Xiongmai products, that are either awaiting security patches or have reached end-of-life status. Attackers exploit various vulnerabilities, including CVE-2017-7921 through CVE-2021-36260, and weak default passwords.

Using tools like Ingram and Medusa, threat actors scan for devices with exposed TCP ports (23, 26, 554, 2323, 567, 5523, 8080, 9530, and 56575). Once compromised, the infected devices are converted into SOCKS5 proxies for command-and-control communications.
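For defenders, one way to check whether devices on a network you administer expose any of the ports listed above (an added example, not part of the FBI alert or this article): it parses nmap grepable (`-oG`) output from a scan of your own address space. The function name, host names and sample scan lines are constructed for illustration.

```python
# TCP ports the article lists as scanned for in this campaign.
CAMPAIGN_PORTS = {23, 26, 554, 2323, 567, 5523, 8080, 9530, 56575}


def exposed_campaign_ports(grepable_text):
    """Return {host: [(port, service), ...]} for open TCP ports on the list.

    Input is nmap grepable (-oG) output, where each port entry has the form
    port/state/protocol/owner/service/rpcinfo/version/ and entries are
    separated by ", ".
    """
    findings = {}
    for line in grepable_text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comment lines and "Status:" lines
        host = line.split()[1]
        # Drop trailing tab-separated fields such as "Ignored State: ...".
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        hits = []
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 5 or not fields[0].isdigit():
                continue  # malformed entry
            port, state, proto, service = int(fields[0]), fields[1], fields[2], fields[4]
            # Only "open" counts as exposed; "filtered" and "closed" do not.
            if state == "open" and proto == "tcp" and port in CAMPAIGN_PORTS:
                hits.append((port, service or "unknown"))
        if hits:
            findings.setdefault(host, []).extend(sorted(hits))
    return findings


# Constructed sample scan output (documentation address range, made-up hosts).
SAMPLE_SCAN = (
    "# constructed sample, not real scan data\n"
    "Host: 192.0.2.10 (lobby-cam)\tStatus: Up\n"
    "Host: 192.0.2.10 (lobby-cam)\tPorts: 23/open/tcp//telnet///, "
    "80/open/tcp//http///, 554/open/tcp//rtsp///\tIgnored State: closed (997)\n"
    "Host: 192.0.2.20 (dvr)\tPorts: 9530/filtered/tcp/////, "
    "8080/open/tcp//http-proxy///\n"
    "Host: 192.0.2.30 (printer)\tPorts: 631/open/tcp//ipp///\n"
)

if __name__ == "__main__":
    for host, ports in exposed_campaign_ports(SAMPLE_SCAN).items():
        listing = ", ".join(f"{p}/tcp ({svc})" for p, svc in ports)
        print(f"{host}: review exposure of {listing}")
```

Hosts flagged this way are candidates for the isolation and patch checks the FBI recommends; an open port alone does not indicate compromise.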

This campaign follows previous HiatusRAT attacks, including one targeting a Defense Department server and another affecting DrayTek Vigor VPN routers across North America, Europe, and South America.

The FBI recommends:
– Limiting use of vulnerable devices
– Isolating affected devices from networks
– Reporting suspicious activities to the FBI’s Internet Crime Complaint Center

Security researchers note that HiatusRAT’s targeting patterns align with Chinese strategic interests, as mentioned in the Office of the Director of National Intelligence’s 2023 threat assessment.
