The Federal Bureau of Investigation (FBI) has issued an alert about an ongoing malware campaign targeting internet-connected security cameras and digital video recorders (DVRs), particularly those manufactured by Chinese brands.
The malware, known as HiatusRAT (Remote Access Trojan), has expanded its reach beyond network devices to scan Internet of Things (IoT) devices from manufacturers including Hikvision, D-Link, and Dahua across the United States, Australia, Canada, New Zealand, and the United Kingdom.
According to the FBI's Private Industry Notification, the threat actors are actively exploiting multiple security vulnerabilities in these devices, including several that remain unpatched by vendors. The attackers also target systems using weak default passwords supplied by manufacturers.
The campaign employs open-source tools like Ingram for scanning and Medusa for breaking into devices through password attacks. Targeted systems show activity across multiple network ports commonly used by security cameras and DVRs.
The FBI has observed this malware operation since July 2022, with recent activity suggesting possible ties to Chinese state interests. In June 2023, the group targeted a U.S. military procurement system and organizations in Taiwan, indicating a focus on defense-related intelligence gathering.
To protect against HiatusRAT attacks, the FBI recommends:
- Isolating vulnerable devices from networks
- Implementing strong password policies
- Enabling multi-factor authentication
- Applying regular security updates and patches
- Monitoring networks for suspicious activity
- Creating offline backups
Organizations that discover signs of compromise should report incidents to the FBI or the Internet Crime Complaint Center (IC3).
The expanding scope of HiatusRAT from network infrastructure to security cameras highlights growing concerns about IoT device security and potential state-sponsored cyber surveillance activities.