The Federal Bureau of Investigation recently issued a serious warning about the HiatusRAT malware, which has been exploiting vulnerabilities in web cameras and DVR systems. Active since mid-2022, HiatusRAT has primarily targeted high-bandwidth routers, resulting in a significant number of compromised organizations across Europe, Latin America, and the United States. Among its many exploits, the malware has conducted reconnaissance on a U.S. military procurement system and has targeted industries in Taiwan, including government sectors, semiconductor manufacturers, and chemical manufacturing companies.
In March 2024, threat actors associated with the HiatusRAT malware were found scanning for web cameras and DVRs that had well-documented vulnerabilities. Some of these vulnerabilities are listed in CISA’s Known Exploited Vulnerabilities catalog. The targeted devices were mainly from manufacturers Xiongmai and Hikvision, and the threat actors used the Ingram scanning tool along with several known vulnerabilities such as CVE-2017-7921, CVE-2018-9995, CVE-2020-25078, CVE-2021-33044, and CVE-2021-36260. Alarmingly, many of these vulnerabilities have yet to be addressed by the vendors, affecting a diverse array of rebranded devices.
Recommendations for Organizations
The FBI recommends that organizations stay vigilant and take the following steps to protect their systems:
- Regularly update firmware for all web cameras and DVR systems to the latest versions provided by manufacturers.
- Review and apply patches for known vulnerabilities, particularly those listed in CISA’s Known Exploited Vulnerabilities catalog.
- Restrict network access to web cameras and DVRs to only the personnel and systems that need it, and monitor network traffic to and from these devices for suspicious activity.
- Implement robust security controls, including strong, unique passwords and multifactor authentication, to further safeguard the devices.
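The monitoring step above is easier to act on with a concrete check. The following is an added example, not code from the FBI advisory or from any vendor: it parses a constructed Common Log Format access log from a camera or DVR web interface and flags any source address that, within a short window, probes many distinct paths with a high proportion of 401/403/404 responses, which is the footprint a mass scanning tool leaves behind. The log lines, the addresses, the paths and the threshold values are all assumptions chosen for illustration; tune them to your own devices and baseline traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log (Common Log Format) from a hypothetical camera/DVR
# web interface. These lines are made up for the example; they are not real device
# logs, and the addresses and paths are not indicators from the advisory.
SAMPLE_LOG = """\
10.0.5.21 - - [12/Mar/2024:09:00:01 +0000] "GET /live.html HTTP/1.1" 200 5123
203.0.113.40 - - [12/Mar/2024:09:00:02 +0000] "GET / HTTP/1.1" 401 0
203.0.113.40 - - [12/Mar/2024:09:00:02 +0000] "GET /admin HTTP/1.1" 404 0
203.0.113.40 - - [12/Mar/2024:09:00:03 +0000] "GET /config HTTP/1.1" 401 0
10.0.5.21 - - [12/Mar/2024:09:00:04 +0000] "GET /stream HTTP/1.1" 200 88211
203.0.113.40 - - [12/Mar/2024:09:00:04 +0000] "GET /login.htm HTTP/1.1" 200 1420
203.0.113.40 - - [12/Mar/2024:09:00:05 +0000] "GET /cgi-bin/ HTTP/1.1" 404 0
198.51.100.9 - - [12/Mar/2024:09:00:06 +0000] "GET /favicon.ico HTTP/1.1" 404 0
203.0.113.40 - - [12/Mar/2024:09:00:06 +0000] "GET /api/ HTTP/1.1" 404 0
203.0.113.40 - - [12/Mar/2024:09:00:07 +0000] "GET /setup HTTP/1.1" 404 0
198.51.100.9 - - [12/Mar/2024:09:00:08 +0000] "GET / HTTP/1.1" 200 1420
203.0.113.40 - - [12/Mar/2024:09:00:09 +0000] "GET /backup HTTP/1.1" 401 0
10.0.5.21 - - [12/Mar/2024:09:00:10 +0000] "GET /live.html HTTP/1.1" 200 5123
"""

# One CLF line: source, two ident fields, bracketed timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Responses that indicate the request was rejected or hit nothing; a scanner
# walking a list of candidate paths produces mostly these.
ERROR_STATUSES = {401, 403, 404}


def parse_log(text):
    """Turn raw CLF text into a list of event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        events.append({
            "src": m["src"],
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "path": m["path"],
            "status": int(m["status"]),
        })
    return events


def detect_scanners(text, window=timedelta(seconds=60), min_requests=6,
                    min_distinct_paths=5, min_error_ratio=0.6):
    """Flag sources that probe many distinct paths with mostly error responses
    inside one sliding window. Thresholds are assumptions for the example."""
    by_src = defaultdict(list)
    for ev in parse_log(text):
        by_src[ev["src"]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            # All of this source's requests in the window that opens at this event.
            chunk = [e for e in evs[i:] if e["ts"] - start["ts"] < window]
            if len(chunk) < min_requests:
                continue
            paths = {e["path"] for e in chunk}
            errors = sum(1 for e in chunk if e["status"] in ERROR_STATUSES)
            ratio = errors / len(chunk)
            if len(paths) >= min_distinct_paths and ratio >= min_error_ratio:
                findings[src] = {
                    "requests": len(chunk),
                    "distinct_paths": len(paths),
                    "error_ratio": ratio,
                    "first_seen": start["ts"].isoformat(),
                }
                break  # one finding per source is enough
    return findings


if __name__ == "__main__":
    for src, info in detect_scanners(SAMPLE_LOG).items():
        print(f"possible scanner {src}: {info}")
```

The legitimate viewer at 10.0.5.21 repeatedly fetches two pages and gets 200s, so it never trips the rule; the single source walking eight different paths and collecting seven rejections in eight seconds does. In practice, feed this the access logs your devices or a reverse proxy in front of them can export, and treat a hit as a prompt to confirm the device is patched and that its management interface is not reachable from where the probing came from.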
By taking these precautionary measures, organizations can help mitigate the risks posed by the HiatusRAT malware and protect their critical systems from exploitation.