The Federal Bureau of Investigation (FBI) has issued a Private Industry Notification warning about an ongoing malware campaign targeting Chinese-branded security cameras and digital video recorders (DVRs) across multiple Western nations.
The malware, known as HiatusRAT, enables attackers to remotely control compromised devices. Active since July 2022, the campaign has specifically targeted devices from manufacturers such as Xiongmai and Hikvision, exploiting both unpatched vulnerabilities and weak default passwords.
Recent scanning activity has been detected across the United States, Australia, Canada, New Zealand, and the United Kingdom. The attackers employ open-source tools, including Ingram for webcam scanning and Medusa for brute-force password attacks via Telnet connections.
According to the FBI notification, the threat actors are targeting multiple known security flaws in these devices, including vulnerabilities from as far back as 2017. The campaign appears particularly focused on gathering intelligence related to U.S. military procurement systems and Taiwan-based organizations.
The FBI has outlined several protective measures, including:
- Removing or isolating vulnerable devices from networks
- Installing security patches promptly
- Using strong, unique passwords
- Implementing multi-factor authentication
- Monitoring networks regularly
- Segmenting networks
- Creating offline backups
Organizations and individuals using affected devices are urged to report any suspicious activity to the FBI or the Internet Crime Complaint Center (IC3).
The sophisticated nature of these attacks and their targeting patterns suggest possible connections to state-sponsored activities, though specific attributions were not made in the FBI's notification.