Hikvision flaw exposed more than 80K cameras to hackers

August 30, 2022

A previously identified flaw tracked as CVE-2021-36260 was found to affect over 80,000 Hikvision cameras, which threat actors could abuse if the devices are not patched.

Hikvision published a firmware update that addressed the vulnerability in September 2021. However, thousands of systems used by numerous organisations worldwide remain unpatched, leaving them exposed to exploits.

In a reported incident last December, threat actors abused the Hikvision flaw to spread the ‘Moobot’ botnet and enlist vulnerable systems into DDoS swarms. Security researchers also identified two known exploits of the flaw, in October 2021 and February 2022.

CISA released an advisory listing the Hikvision flaw among the most actively exploited bugs, warning that hackers could take over affected devices if they are not immediately patched.

According to researchers, several Russian-speaking dark web vendors sell network entry points for compromised Hikvision cameras, which other threat groups often use for lateral movement or botnet operations.

The vulnerable Hikvision cameras were mostly located in China, the US, the UK, Vietnam, Thailand, Ukraine, Romania, South Africa, France, and the Netherlands. Currently, no threat group has been named as the perpetrator of the previous exploitations of the Hikvision flaw. Nonetheless, researchers do not rule out the possibility that some cyberespionage groups, including APT41 and APT10, are involved in the campaigns.

Though not confirmed to be related, the security researchers cited a cyberespionage campaign dubbed ‘think pocket’ that, since August of last year, has focused on targeting popular connectivity tech firms whose products are used by numerous sectors globally.

Researchers also added that threat groups have used the exploitation of vulnerable connectivity products, such as Hikvision cameras, to start geopolitically motivated cyber warfare.

Some experts also point to weak passwords set on the cameras, which increase the risk of cyberattacks. Users sometimes do not set difficult-to-guess passwords because easy ones are more convenient, or they never reset the default password during the initial set-up.

Companies or entities that use Hikvision cameras are strongly advised to update their firmware immediately to avoid being victimised by cybercriminals. Applying strong passwords should also be a priority.
