HiatusRAT Malware Targets IoT Devices
by: Bryson Medlock
The FBI has issued a warning about HiatusRAT malware actively scanning and infecting vulnerable web cameras and DVRs. These attacks primarily target Chinese-branded devices lacking recent security patches or those that have reached end-of-life. In March 2024, HiatusRAT actors conducted a scanning campaign focusing on IoT devices in the US, Australia, Canada, New Zealand, and the United Kingdom. They exploited vulnerabilities such as CVE-2017-7921, CVE-2018-9995, CVE-2020-25078, CVE-2021-33044, and CVE-2021-36260, as well as default vendor passwords.
The attackers predominantly targeted Hikvision and Xiongmai devices with exposed telnet access. They utilized open-source tools like Ingram for vulnerability scanning and Medusa for brute-force authentication attacks. The attacks focused on devices with TCP ports 23, 26, 554, 2323, 567, 5523, 8080, 9530, and 56575 open to the internet.
This trend highlights the increasing exploitation of IoT devices by cybercriminals. Many such devices suffer from outdated software and weak security configurations, making them attractive targets. The compromise of these devices can lead to unauthorized network access, data breaches, and their incorporation into botnets for further malicious activities.
When securing networks, it's essential not to overlook IoT devices.
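One way to check your own perimeter against the port list above, as an added example that is not part of the original post: the script parses nmap grepable (`-oG`) output from an external scan of address space you own and reports hosts with any of the listed TCP ports open. The sample scan output, addresses and host names are constructed, and the function name is hypothetical.

```python
import re

# TCP ports the post lists as targeted in the HiatusRAT scanning campaign.
TARGETED_PORTS = {23, 26, 554, 2323, 567, 5523, 8080, 9530, 56575}

# Constructed sample: nmap grepable (-oG) output from an external scan of
# your own address space. Addresses are documentation ranges, not real hosts.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 203.0.113.10 (cam-lobby.example.net)\tStatus: Up
Host: 203.0.113.10 (cam-lobby.example.net)\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///, 554/open/tcp//rtsp///
Host: 203.0.113.22 ()\tPorts: 443/open/tcp//https///, 8080/filtered/tcp//http-proxy///
Host: 203.0.113.31 (dvr.example.net)\tPorts: 9530/open/tcp//unknown///, 9530/open/udp//unknown///
Host: 203.0.113.40 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (999)
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def exposed_targeted_ports(grepable_text):
    """Return {ip: sorted open TCP ports that appear on the targeted list}."""
    findings = {}
    for line in grepable_text.splitlines():
        m = HOST_RE.match(line)
        if not m or "Ports:" not in line:
            continue  # comment lines and "Status:" lines carry no port data
        ip = m.group(1)
        # The Ports field ends at the next tab-separated field, if any.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            parts = entry.strip().split("/")
            if len(parts) < 3 or not parts[0].isdigit():
                continue
            port, state, proto = int(parts[0]), parts[1], parts[2]
            # Only "open" TCP counts; "filtered" ports did not answer the probe.
            if state == "open" and proto == "tcp" and port in TARGETED_PORTS:
                findings.setdefault(ip, set()).add(port)
    return {ip: sorted(ports) for ip, ports in findings.items()}


if __name__ == "__main__":
    for ip, ports in exposed_targeted_ports(SAMPLE_SCAN).items():
        print(f"{ip}: exposed targeted TCP ports {ports}")
```

Any host this reports is a candidate for closing the port at the firewall, and for replacing the device if it is end-of-life.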
With the holiday season approaching, there is a notable rise in cyberattacks. Cybercriminals often exploit this period, anticipating reduced vigilance from both individuals and organizations. Common tactics include phishing scams, ransomware, and attacks on e-commerce platforms.
It's crucial to remain vigilant and implement robust security measures during this time.