TIP: Click on subject to list as thread! ANSI
echo: politics
to: All
from: Mike Powell
date: 2024-12-18 10:20:00
subject: FBI warns new malware tar
 [This might explain the recent uptick in non-BBS traffic that is hitting
some popular BBSing ports -- Mike]

FBI warns over new malware targeting webcams and DVRs

Date:
Tue, 17 Dec 2024 14:02:00 +0000

Description:
FBI has a warned government agencies to be on their guard.

FULL STORY

A new Remote Access Trojan (RAT) malware has been detected targeting
Chinese-branded web cameras and DVRs used in Western companies. 

HiatusRAT, and it allows threat actors to take over and control a targeted
device from a distance, says the FBI, which released a new Private Industry
Notification (PIN) warning Hiatus operatives most likely kicked off their
campaign in July 2022, and were looking to spy on US government 
organizations. 

Cybersecurity companies have also observed these actors using the malware to
target a range of Taiwan-based organizations and to carry out reconnaissance
against a US government server used for submitting and retrieving defense
contract proposals, the PIN says.

DVRs and web cams 

The PIN noted the attackers were especially targeting web cameras and DVRs
with known vulnerabilities, especially those who reached end-of-life, and
those whose vendors are yet to patch the flaws. 

Xiongmai and Hikvision were some of the names mentioned in the PIN, although
the wording suggests that there are more vendors whose equipment is being
targeted. 

The FBI also said HiatusRAT scanned for IoT devices in the US, Australia,
Canada, New Zealand, and the UK, for flaws including CVE-2017-7921,
CVE-2018-9995, CVE-2020-25078, CVE-2021-33044, CVE-2021-36260. The crooks 
were also looking for devices with weak vendor-supplied passwords. 

To run the scans, the attackers apparently used off-the-shelf, open-source
software: They used Ingram  a webcam-scanning tool available on Github  to
conduct scanning activity, the FBI said. And they used Medusa  an open-source
brute-force authentication cracking tool  to target Hikvision cameras with
telnet access. Targeted TCP ports have included: 23, 26, 554, 2323, 567, 
5523, 8080, 9530, and 56575.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/fbi-warns-over-new-malware-targeting-we
bcams-and-dvrs

$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SOURCE: echomail via QWK@pharcyde.org

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.