Threat Awareness – HiatusRAT Actors Targeting Chinese-Branded Web Cameras and DVRs

WaterISAC is sharing this (TLP:CLEAR) Private Industry Notification (PIN) for member awareness. The FBI is highlighting the HiatusRAT1 scanning campaigns against Chinese-branded web cameras and DVRs. Private sector partners are encouraged to implement the recommendations listed in the “Mitigation” column of the report to reduce the likelihood and impact of these attack campaigns.

In March 2024, HiatusRAT actors conducted a scanning campaign targeting Internet of Things (IoT) devices in the US, Australia, Canada, New Zealand, and the United Kingdom. The actors scanned web cameras and DVRs for vulnerabilities and weak vendor-supplied passwords. Many of these vulnerabilities have not yet been mitigated by the vendors. In particular, the actors targeted Xiongmai and Hikvision devices with telnet access.

The FBI recommends limiting the use of the devices mentioned and/or isolating them from the rest of your network. Companies should also regularly monitor networks and employ best practices for cybersecurity. Access the full report at FBI’s IC3.