HiatusRAT is a remote access trojan (RAT) observed targeting internet-exposed web cameras and DVRs, including Hikvision devices. The provided content states that U.S. government reporting described HiatusRAT actors scanning for CVE-2017-7921 during a March 2024 campaign targeting web cameras and DVRs, and that the FBI warned the malware was scanning for and infecting vulnerable devices exposed online. Additional reporting in the content notes prior exploitation of CVE-2018-9995 to spread HiatusRAT. Reported victim geography includes Australia, Canada, the United Kingdom, New Zealand, and the United States. High-confidence behavior from the content is limited to exploitation/scanning activity against vulnerable IoT surveillance and recording devices; no further malware capabilities, persistence mechanisms, or specific indicators of compromise are provided in the source material.
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
5 CVEs Mallory has correlated with this family across public research and vendor advisories. Each row links to the full Mallory page for that vulnerability.
"...FBI issuing a warning regarding HiatusRAT... scanning web cameras and DVRs for vulnerabilities..."
"...FBI issuing a warning regarding HiatusRAT... scanning web cameras and DVRs for vulnerabilities..."
"...FBI issuing a warning regarding HiatusRAT... scanning web cameras and DVRs for vulnerabilities..."
"...FBI issuing a warning regarding HiatusRAT... scanning web cameras and DVRs for vulnerabilities..."
"...FBI issuing a warning regarding HiatusRAT... scanning web cameras and DVRs for vulnerabilities..."
6 distinct techniques documented for this family, organized by ATT&CK tactic.
4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Remote access trojan referenced in the context of campaigns scanning for and exploiting Hikvision camera/DVR vulnerabilities (CVE-2017-7921) to gain access to devices.
HiatusRAT is a remote access trojan that was spread via exploitation of a previous TBK DVR vulnerability (CVE-2018-9995), providing attackers with persistent remote access to compromised devices.
HiatusRAT is a remote access trojan targeting vulnerable IoT devices such as web cameras and DVRs exposed to the internet, enabling attackers to gain persistent access and control.
RAT used to scan/compromise web cameras and DVRs by exploiting known vulnerabilities; first discovered in early 2023 per the report.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.