The hackers are deploying tools like HiatusRAT and leveraging open-source software such as Ingram for scanning devices and Medusa for brute-force authentication. These attacks exploit vulnerabilities, including flaws cataloged by CISA, such as CVE-2017-7921, CVE-2018-9995, and CVE-2021-36260, alongside weak vendor-supplied credentials.
Hikvision and Xiongmai devices have long been favored by hackers due to outdated firmware, unpatched vulnerabilities, and poor security practices. Some devices don’t receive updates, especially if sold through unauthorized resellers or if support has ended. A similar trend was seen in 2016, when hacked Xiongmai devices contributed to the Mirai botnet DDoS attack that disrupted major internet services in the U.S.
The FBI highlights that threat actors are actively scanning the internet for vulnerable devices, underscoring the urgent need for organizations and individuals to patch devices, change default credentials, and ensure proper security protocols are in place. Without proactive action, these internet-of-things devices remain an easy target for cybercriminals.
Source: GovInfoSecurity
The European Cyber Intelligence Foundation is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities.