A particular focus was on Hikvision and Xiongmai devices with Telnet access. The criminals use the open-source tool Ingram to detect vulnerabilities in the web cameras. With Medusa, the attackers use another open-source tool to bypass authentication.
The attacks targeted webcams and DVRs with TCP ports 23, 26, 554, 2323, 567, 5523, 8080, 9530, and 56575 open to the Internet.
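To check your own exposure against the port list above, the following added example (not part of the original report) parses Nmap grepable output (`-oG`) from a scan of your own address space and reports hosts with any of those TCP ports open. The sample scan text, host names and the function name `exposed_campaign_ports` are constructed for illustration.

```python
import re

# TCP ports listed in the article as targeted on webcams and DVRs.
CAMPAIGN_PORTS = {23, 26, 554, 2323, 567, 5523, 8080, 9530, 56575}

# Constructed sample of Nmap grepable output; addresses are documentation ranges.
SAMPLE_SCAN = """\
# Nmap scan (constructed sample)
Host: 192.0.2.10 (cam-lobby.example)\tStatus: Up
Host: 192.0.2.10 (cam-lobby.example)\tPorts: 23/open/tcp//telnet///, 554/open/tcp//rtsp///, 80/open/tcp//http///
Host: 192.0.2.11 (dvr-1.example)\tPorts: 9530/open/tcp//unknown///, 8080/filtered/tcp//http-proxy///
Host: 192.0.2.12 ()\tPorts: 443/open/tcp//https///, 23/closed/tcp//telnet///
Host: 192.0.2.13 ()\tPorts: 2323/open/udp//unknown///, 56575/open/tcp/////
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def exposed_campaign_ports(grepable_text, ports=CAMPAIGN_PORTS):
    """Return {host: [ports]} for hosts with a listed TCP port in state 'open'."""
    findings = {}
    for line in grepable_text.splitlines():
        match = HOST_RE.match(line)
        if not match or "Ports:" not in line:
            continue  # comment lines and 'Status:' lines carry no port data
        host = match.group(1)
        # The Ports field ends at the next tab-separated field, if any.
        port_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in port_field.split(","):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            parts = entry.strip().split("/")
            if len(parts) < 3 or not parts[0].isdigit():
                continue
            number, state, proto = int(parts[0]), parts[1], parts[2]
            # Only 'open' counts: 'filtered' and 'closed' are not reachable services.
            if state == "open" and proto == "tcp" and number in ports:
                findings.setdefault(host, set()).add(number)
    return {host: sorted(found) for host, found in findings.items()}


if __name__ == "__main__":
    for host, found in exposed_campaign_ports(SAMPLE_SCAN).items():
        print(f"{host}: review exposure of TCP {', '.join(map(str, found))}")
```
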
The campaign is the successor to two large-scale series of attacks: one that targeted a US Department of Defense server in 2023, as BleepingComputer reported, and another that targeted more than 100 companies from North America, Europe, and South America whose DrayTek Vigor VPN routers were infected with HiatusRAT to create a covert proxy network.