The FBI issued an alert warning about a cyber campaign involving the Hiatus Remote Access Trojan (HiatusRAT) malware.
This malware has been used by cyber actors to exploit vulnerabilities in Chinese-branded web cameras and digital video recorders (DVRs).
The campaign, which began earlier in the year, included scanning activity targeting these devices in countries including the United States, Australia, Canada, New Zealand, and the United Kingdom. Initially focused on outdated network devices, the campaign has since expanded, with cybersecurity firms observing its use against organizations in Taiwan and even against a U.S. government server involved in defense contract submissions.
The FBI's alert emphasized that the attackers exploited known vulnerabilities and default credentials in older, unsupported devices, many of which are integral to video surveillance systems. These devices often lack manufacturer patches, making them particularly susceptible to compromise.
Scott Gee, the American Hospital Association's (AHA) deputy national advisor for cybersecurity and risk, highlighted the importance of including Internet of Things (IoT) devices in patch management programs, and not just patching traditional IT systems. The FBI recommends replacing outdated equipment with newer, supported models to mitigate risk.
For further guidance, the AHA encourages organizations to consult their cybersecurity resources or contact their cybersecurity advisor directly.
Source: https://www.aha.org/news/headline/2024-12-19-fbi-issues-alert-hiatusrat-malware
Commentary
As mentioned in the above source, the HiatusRAT malware campaign works by exploiting known vulnerabilities and default credentials in outdated or unsupported devices such as web cameras and digital video recorders.
These devices, often used in corporate environments for physical security, are typically connected to the internet but lack robust security measures. Once compromised, the malware allows attackers to remotely access and control the devices, turning them into entry points for broader network infiltration.
The attackers can use these compromised systems to monitor internal activities, pivot into more sensitive parts of the network, or even launch further attacks from within the organization's infrastructure.
For corporate security and data protection, the implications of such a breach are significant.
Video surveillance systems, while primarily used for physical monitoring, are increasingly integrated into broader IT ecosystems. If these systems are hacked, attackers could gain visibility into physical layouts, employee routines, and potentially sensitive operational activities.
Moreover, compromised devices can serve as persistent footholds for attackers, enabling long-term surveillance or data exfiltration. This undermines not only physical security but also the integrity of digital systems. Organizations may face regulatory consequences, reputational damage, and financial losses if such breaches lead to exposure of personal or proprietary information.
The final takeaway is that, to maintain safety, organizations must update firmware, replace unsupported hardware, and include IoT devices in cybersecurity policies.