Botnet Leverages Hikvision Critical Vulnerability For DDoS Attacks And "Extracting Sensitive Data From Victims"

Published Dec 09, 2021 12:21 PM

A Mirai-based botnet, Moobot, is targeting devices left vulnerable following Hikvision's 9.8 critical vulnerability in September 2021. The attacks include "extracting sensitive data from victims", which Hikvision argued recently was "literally impossible".

Cybersecurity concerns are a long-standing issue for Hikvision. The 2019 NDAA banned federal use of its products and the US government is planning to ban further FCC authorizations.

In this report, we look at the Moobot botnet, how it works, what devices are impacted, and Hikvision's response.

**********

**** ********* ************* ** ********** ************ for ********* ***** ** ***** **** control ** *** ******,** *** ********** *** ********** ** explained:

**** ******* ** ******** ** **** full ******* ** ****** **** ** unrestricted **** *****, ***** ** *** more ****** **** **** *** ***** of *** ****** *** ** **** are ********** ** * ******* “********* shell” (***) ***** ******* ***** ** a ********** *** ** *******, ****** informational ********.

Discovered ** ********

************* ************ ******* *** ********* *** ******** of ****** ** **** **** ****. ***** *********'* ********** *****-****-*****, ******** ********* ** ********* ********** signature *** *** *************, ********* ********* behavior ********** *** ************* ** *** process.

How ** *****

********* ******* *** ********* ***** ***-****-*****, allowing ********* ** *** ******** ******* authorization. ** **** ****, *** ******** sends ******** ** ********* **** **** a ***, ***** ****:

*** ******* ***** ******* "*********" *** then ******** *** **** **** * downloader **** ******** *** **** *** Moobot ******.

********'* ************ ***** *** ******* *******:

**** ********, ********* ******* *** ** used, ***** **** ***** ******** *******, to ******* **** *******. ****** * DDoS ******, *** ****** ** *********** with ***** ******** **** *** ****** and *** *** ****** ********** ********.

************, *********** ** ******** ***** **** a **** ******* ******** ** ******* the *** ** ***** ******* ** telegram.

"Extracting ********* **** **** *******"

** ******** ** ********* ******* ** other *******, *** ******

** ******** ******** ******** ********** ** leverage **** ************* ** ******* *** status ** ******* **extracting ********* **** **** *******. One payload in particular caught our attention. It tries to drop a downloader that exhibits ********* ******** [emphasis added]

***** ******** **** *** ****** **** specific **** ** ***** *********, **** is *************** *** ** ******** ** do ******* *** ************* ***** **** control **** *** ******.

"Literally **********," **** *********

******* **** ********* *********, *********'* ***/*** Fred ********** **** ******* **** **** that **** ******* ***** ** ********* impossible, ********:

*** ***-***** *** *** ***** ******* are *********** *** *** ****/***** ******* they ********. ** ***** *****, ****’** the **** ********** *** ******* *** data *** ******* *** ***** *******, which ** ******* ******** ** ** kept *******. ****** ****** ** ***** footage ** ***** ******* ** ********** without *** ******* ** *** ***-****.

**** ***** ******** *********'* ******** ****:

Affected *******

** *** ********, ***** *** * vast ****** ** ********* ******* ******** accessible **** *** ** *********. ***** the ***** ****** ** ********* ******* being ********* ** ****** ** *******, Shodan ***** *+ ******* ********* ******* available ** *** ****** ********, ****** this **** *** ******* ****/**********.

***** *** ******* ** ******* **** were ******** ** **** ******** *************, including **** *******, ****, *********, ***. before ****/**** ****, ** ** ******** that ****** ***** ******* ******** ** thousands ** **** * ******* *********** Hikvision *******.

Moobot *** **** ********* *******

**** **** ****** ** *** * new ****** *** ******* ****** ********'* discovery ** ********* ******* ***** *********. It *** ***** ******** ****** ****, ********* ********/***** ****** ******* *** IoT ********.

** ** ******* **** *** **** devices ****** ********, *** *** ******** of *********** * ******* ** **** vulnerable ********* ******* ***** ** **** larger *** **** *********.

Surveillance ****** *******

***** ******* ********** ********** ************ ******* have **** **** ** ******* ****-******* DDoS *******, ************ **************** ** ****** *******'* ******** *******. ***** * *****-***** *******,********, *** ***** ********** ********* ********/*** cameras.

***** *** ********* ** ****** ******* million ******* ** *** ******** ****. Moobot *** *********** ****** **** ****, given *** ***** ** ********* ******* impacted.

************, *****-***** ******* *** ****-***********, ******* that **** ************ **** *** ********** vulnerable *******. ** ******** *** ** in ***** ********:

******** * ***** *** **** ******** to ******* **** *************, **** *** botnet **** ***** **** ******* *** a ********** *** *****.

**** ***** ******** ******* ******** ** reducing *** ******'* ****/******.

Hikvision ******** ** *******

*********'* ****** ************** *** ** ************ **** **************** ****** **** **** ******* ** comment.

************ ************* ********* ** ******* ** ******* ***** susceptible ** ****** *** **** ******* being *********, ******** ********* *** ***** users ** ********** *** ******** ** CVE-2021-36260.

Hikvision **** ********** ************** *****

********* ********* ** ************* ********** *** "***** *** ****** access" ** "*** ** *** ********* fail":

** *** ** *** ********* **** to **** *** ***** ** *****, who **** ** **** * ***** and ****** ****** ** *** ********* port ******* ** *** ****** ******* the ********, ***** *** **** ** choose *** *********** '**** **********' ******.

************************* ***** *** *********** ** *** surveys, **** **** ********** ***** ********* steady **** *** **** ******* *****, despite *** ****-***** ******** *****.

*********'* **************, ******* **** *** *********** complaints, ** ****** ** ********** ** exploits **** ** ****** *** *** foreseeable ******.

Compound ******* *** *********

*** ************ ** ********* ******* ** Moobot *********** *** ******** ** *********'* cybersecurity *****. ******* ** ******** *** remedy ***** ******** ******** ************* ****** it ***** ** *********, ******* ***** alleged**,*** *&* *********, *** ********.

************, ********* ******* ** ************ ****** users ** *** ******** ** *** vulnerability (*** ******* * ********** **** a *******), *** *** *** ** potentially ******** ** ******* ***** ******** to ****** ******.

Comments (31)
Undisclosed Integrator #1
Dec 09, 2021

*****, *** ****** **** **** ******** disappear ** ******** *** ** ******* they *****.

(11)
(7)
Robert Shih
Dec 09, 2021
Independent

*'** ********* **** ** ** ***** to **** *** **** *** ******* at *** ******** ****** ** *****. Besides, ********* ** ******* ** ******** time ****** **** ** *** ***.

(3)
(1)
Undisclosed Distributor #2
Dec 09, 2021

*******, ********* ** ******* ** ******** time ****** **** ** *** ***

*** ********* *** **** ** *** world ****.

(4)
(1)
Damion Dick
Jan 24, 2022

*** ******** *** ****** ******** *** others ** *** ****. ****** ****** license **** *** *** **** ** a ****** ** *** *********** ****** you **** **** **** ** ****. That ** *** **** **** *** market ***** *** ** ********.**** ******* to ***** ************* *** ***** ***************, i ** **** ******* **** **** their ***** ** *************** ***.********... ** not ****** **** ******* ** *** internet. ** *** ** *** **** how, **** ******* *** ****.

(1)
(4)
(1)
Blake Murphy
Jan 25, 2022

*** ***** *** ** **** "********* of *** *****".... ** ****, ****'* one ***!

(1)
(2)
David Coles
Jan 25, 2022

** *** ******* **** ********* *** cyber ******** ****** ** **** *** fact **'* **** ** ** ********** by *****? ****** ******** **** *'* kind ** ***** ** *** *********. We *** ****** ** ****** **** in ***** ******'* *** ** ** it ** ******* ** * ********* mandate ******* ** *** ********* **** we ******'* **** *****? ** **'* about *** ********** *** ** ******* force ***** *** ******** ******* **** firmware/software ** ** **** *** **** "verified" **** *** ****** **** **** calling *** ** ******* ** *****? Could ** ******* ****?

(3)
Undisclosed Integrator #9
Jan 25, 2022

*** ****** ****** ** *** ** both *********. *** **** **** ***** programmers ********** ********* ** ****** ** a ****** ******** ****** ** ****** malice, ** *********. **** **** ****.

****** *** ** ***** **** ********* is ***** ** ** ************ ** multiple ***** ******* ********* *** *** just ***** ** ** *** **** BS ***** **** *** ****** ***. Thus *** ***** *********.

Undisclosed Manufacturer #3
Jan 23, 2022

*, *** ***, ************* * **** ************* ******** *** resulted ** * **** ************* *******.

(6)
Undisclosed Manufacturer #4
Jan 24, 2022

* **** ***** **** * ***** national ********** **** *** ** ****** like **** *** ****** * ***** national *********, ** ** **** ********* to ***** ** **** ******* *** the **** ** **** ***** ****** arise. **** *** ********** ****-******** *******, similar ** *** **** ******** ******** operate, ***** **** ***** * ****** on * *** ******** (*****, ******, monthly), *** **** ******** *** ******* the ****** ** ***** ***, ******** that *** ******* *** ******* ******* having ** **** * ***** ** each ******** *** ****** **** ******* which ***** **** ******** *******. ** course, ***** ** *** *********** ** an ****** ***** ***** *** ****** down *** ******, ** *** ****** occurring ** ** *********** ****....

Undisclosed Manufacturer #5
Jan 25, 2022

* ********** ******'* **** *********** **** equipment ******* **** ** *****....

Damion Dick
Jan 25, 2022

***** *** **** *********** ** ******* home ** *** ***? ** ******? or ******? ** **? ** ***********? Are *** ********** ******* **** ***** manufacturers ****'* ******* **** ***** *********** to ******* ****** ******, **** ******.

(1)
Undisclosed End User #8
Jan 25, 2022

***** *** *********/***** *** ***** **** can ****** *********, ******** *** ************ on * ********** *****. **** *** not *** ******** **** ******* ****** counts *** **** *** **** ** manage **+ ******* **** ** ******* they *** * ******** **** *** a ******** *****.

****/***** ********* = $$$.

(1)
Undisclosed Manufacturer #6
Jan 25, 2022
IPVMU Certified

*'* *** ****** ** ****** *********, but *** *** **** ** ******** the ******* ****** ******* **** ******* that ********* *********** ********* *** ***** and ******** * ***** *** **** day. *** ** ******* **** *** other ********* ***** ** **** ** do *** ****? **** ***** ******** argue **** *** ***** ********* ***'* have ***** ************* ******, *** * think **'* **** *** **** **** their ****** *****'* **** ********** ***...

**** ********* ******:

"********* ** * *** *** *** quickly ******** *** *** ******,***-****-******** ******** * ***** *** *** vulnerability ** *** **** *** ** the ****** **********’* **********."

(1)
(1)
(2)
(1)
John Honovich
Jan 25, 2022
IPVM

**** ******* **** ********* *********** ********* the ***** *** ******** * ***** the **** ***

**** ** ********* *****. ** **** Hikvision ****** * ****** ** ******* a ***,**** *** **********'* ******************* *** *** *****:

**'* ********** **** ******** *** ** publicly ****** **** *************** **** *** it ***** ****** *** ** ******* the ************* *** *** ***** **** it ******** *** ****** ** ** at *** *** ** *** ****** -********* *** "******* ***** ** ******** Vulnerability," ********* ***+ ******* *******

(2)
Undisclosed Manufacturer #6
Jan 25, 2022
IPVMU Certified

***** * *******'* **** **** ** own ***** ** * ********, *** the **** * ******** ** (*****) was ****** **** ********* ****.

"********* ** * *** *** *** quickly ******** *** *** ******,***-****-******** ******** * ***** *** *** vulnerability ** *** **** *** ** the ****** **********’* **********."

** ** **** ********* * ****** to ******* *** *** (** *** timeline *****), ******'* ** ** **** to ***** ** *** ******* **** the ******** ******* ** *** ******** report *********** *****(***** ***'** **** ****** ** ** in **** *******?).

* ***'* ******* **** **** ***** report ****** ** ** ** ******* (maybe * ******), ** * ******* appreciate ** ******** ***** ******* ** the **** *******.

Undisclosed Integrator #1
Jan 25, 2022

********'* ****** ** *** ********* *****. When ** **** "**** *** ** the ****** **********'* **********", ** ***** the *** *********** **** ******. **** was *** *** *** ******* **** released. *******, ** **** *****, *********** had ********** **** **** ******* ****** before.

(3)
John Honovich
Jan 25, 2022
IPVM

*** ****:

********* *********** ********* *** ***** *** released * ***** *** **** ***.

******** ****:

******** * ***** *** *** ************* on *** **** *** ** *** threat **********’* **********

**** ******** **** ** *** "********* false", **** ******** *** ***** *** same *** ** *** ********** ********* but ********* *** *** ** ** "immediately" ** *** *******.

** ***'* ******* ***** ****** ** the ****** *** **'** ***** ** clarify ****** **** *********** ***** ********* or ********.

(1)
Undisclosed Manufacturer #6
Jan 25, 2022
IPVMU Certified

******, *** ********** *************/**** *** **** useful.

Undisclosed Integrator #1
Jan 25, 2022

********* *********** ********* *** ***** *** released * ***** *** **** ***. Are ** ******* **** *** ***** companies ***** ** **** ** ** the ****?

** ** *****, **** *** ************ **********(**************'* ********). *** ************* *** ******** ** them ** **** **, *** *********** waited ***** ********* *** *** ***** to ** ****** *** ******** ****** they **** ********* *** ******* ** September **. **** ** * ****** common *** ** **** **** ***************. For *******, ** *******, **** *** Nozomi ********** ****** ***************, *** **** *** ******* **** working ** *** *** *** **** time - ********-** ******** *** ******** ** ******, **** ****** *** ************.

************** ****** ************ ******* *** ******* **** ** 3 ******, ***** *** **** ***** of ******** ********. *** ** *** can ***, **** ** *** * case ** ********* ******** *** * patch *** ** *** ***. *** even *****.

**** ***** ******** ***** **** *** other ********* ***'* **** ***** ************* issues, *** * ***** **'* **** the **** **** ***** ****** *****'* been ********** ***

*** ****'********** ** ***** ************ ************* *************** and ********. ***** ********* ** **** ***************. Do **** **** ******** ***************? * will ***** *** **** *** ***'* see ******* ** **** ** ***** or ******** ******* (** *** ** I've ****, ****** - ** ******** has, **** ****** ****** ****). **** of **** ** ******* ********* ******* are **** ******* ****, ****, "*************" who ****** **** **********. *** ******* part ** **** **** ***** ** have ****** ******** *********, **** ******** ** **** *** *********** ** audit ***** ****.

** *** ** ****** *** ****** world, *** **** **** *********** ** ********-***** *******, *** *******, and ******. * ***** ***** **** ***** devices *** *** **** ****** ** botnets, ******* **** *** *) ******, 2) ******* ** *** ********, *) made *******, *** *) ********** ** non-professionals. *** ******** ***'* **** **** Cisco ******* ** ******* [******** ******], even ****** ****'** *** ***************. **'* probably * ******* ********* **** *********.

* ***'* ***** ********* *** ***** popular, ** *** ***** **** ** poorly ******* **********/**************, *** * ** think **** **** **** * ************** to ***** ****** ********. **** ****** also ***** ****** ******** ** **********. And **** ****** ********** ****** **** OEMs, ** **** *** **** *** are **** ********** **** ****'* ********* Hikua ***'* ************* ***** ********* *******.

(2)
Undisclosed Integrator #7
Jan 25, 2022

***'* *** *** *** ***** **** beating * **** *****. ****'* **** point **** **** ****. ** ***** there ** ****** * ***** ** make ** ***** *** *****. ****** stated *** **** ** ********** ******* Hikvision, *** **** ******* ** *** complete ***** *** **. ** ** to *** ***** **** *** *** becoming **** ********. * **** **** I **** ** ******** **** * read **** ******* ***** ***** ** be ********* ******** *** **** ******** and *************. *******...***, **** *** *** following **** **** ** *** *** are ***** ***** ****. **** ***** other ********* ******** ****** *** ** China? *** **** ** *** ***** an ******?

(1)
(3)
(1)
John Honovich
Jan 25, 2022
IPVM

#*, ****** *** **** ***** *******!

** ***** ***** ** ****** * slant ** **** ** ***** *** worse

*** *** *********? ******* *** ****** bad *** *************** **** **** ******** root ****** (**** *********'* ****) *** pretty ***.

*** **** ** *** ***** ** iphone?

***, * ** *** *** ******* ********** * '*** **** ** PRC *****' ******.

Undisclosed Integrator #7
Jan 25, 2022

*** *** *******, ** ** * serious *************. ** *** *** **** aware. *** *************** *** ******* **** all ******** *** *** *************. * believe *** ****** ** ***** ** I **** ***** ** ** ****.

John Honovich
Jan 25, 2022
IPVM

*** *************** *** ******* **** *** products *** *** *************

**, **** *************** *** *** **** serious **** ******, *.*.,**** ********* *** ****** * *.* out ** **, ***** ** * ****-******** ******* system (****).

(1)
Undisclosed Integrator #7
Jan 25, 2022

***, **** ** **** *******. *** are ********** *******. *** **** ** this ** *** ****, *** *** are ***** ******* *** ***** ** we ****** ***** ** ********.

John Honovich
Jan 25, 2022
IPVM

**** ** **** ** *** ****

**** *** ***** ******** **** ***** and ** ***** ** ******* *****. If ****'* *** **** ** ***, we *** ***** ** ********.

(1)
(1)
Undisclosed Manufacturer #6
Jan 26, 2022
IPVMU Certified

* **** ***** *** ****** *** point ****. **** ***********#*'* ******* ******** again: "

"***'* *** *** *** ***** **** beating * **** *****."

**'* *** ***** *** ******** ******* or ********** ************* ****** ** *******, it's ****** *** *********, *** ********, and **** ******* "*******".

***'* *** ** *****, * ********** that **** *** ********* ************* ******, discovering *** *******, ********* *********** *** so **, *** ** **** ***** a *** **** ** *****. **'* like ***** **** *** ******** ********* new, **'* ***** ****. ***** ***** of *********** ***** **** **** ** your ******** ****.

** *** ** (*** **** **** for * *****), ***** *** ************* issues (*** ****) **** ********* *** Dahua. **** *** *** **** ******** workers/writers, **** **** **** *** *** enthusiasm ***'* ****** ** **** *****-*****.

(3)
John Honovich
Jan 26, 2022
IPVM

**** ***********#*'* ******* ******** *****: " "Don't *** *** *** ***** **** beating * **** *****."

*** *** **** ** **** **** as * **** ***** *** *** US ********** ** ** *** ***** of ******** ** ************* *** ** these *********, ** **'* * **** live ****** ***** *** ** ** of ******** ******** ** * *********** portion ** *** ********. ******* ******* are ********* ********** *** *****, *.*.,******* **** *****.

** **** ***** * *** **** at *****.

****** *** ***** ** **** ******* interest ****** ** ****** *** *********** covers. ***** ** *** *** * consulting **** ******** ** ******** ***********' interests, ** ** ******** **** **** will **** *** ******** *** **** relevant ** *********** **** ******. ** strive *** ******** ** ***** ** cover, ** ****** **** ********'* *********.

**** ****, ******* ** **** ** two ** **** ** ****** *****? I ***'* *** ** **** ********** do ** *** ** ***** *** good ***** **** *********** *** **** cover ***** ******.

(1)
Undisclosed Manufacturer #6
Jan 26, 2022
IPVMU Certified

***** ********** **** *** ***'* ***** for ***. ******* *** *** ****** IPVM ****, *** ***** ******* ** in *** ***** ** ***** ** number ** ********. ** ********** ***** that **'* ** ********* *****, *** maybe ** **** ***** **** "* bit *** **** ** *****" ***'* necessarily *** ***?*'** ** **** ******, it's *** ******, ***** *** ********* trolling ******** ** *********** ***** ******** fills ** ***.

************, *'* **** ** *** * Cybersecurity ******* (******** **** **** **** China), ******* ** **-***** ******/***** ** a ******** *** (** ********), *********** on ********/****** ************** *** *******/**** ***.

Undisclosed Manufacturer #4
Jan 25, 2022

** ********* ******, ** ***'* ***** a ******* **** *****. ** ** about ******** **** **** **** * company **** *** ********** *******, ** well ** * ****** **** ***** record ** ***** ********, *** **** quality ** *******.

** ***** ***** ******* ************* ******** by * ******* ********** ** ***** government, ** ***** ** ******* *********. There **** **** ******** ***** ******** from ***** **********-********** *********, ********** **** it ******** ****-***** ** ******** ******** / *******, *** ******** ** *** is *********** ******...

(1)
Undisclosed Distributor #2
Jan 25, 2022

*** **** ** ********** ******* *********, and **** ******* ** *** ******** until *** **

***, * ***** **, * ********** would **** ** ** **** ** destroy ********* & *******. **** *** the * *********, ** *** ****** of ** ****, **** * **** the ****. **** *** ***** ********* scum *** * ******* *** ***** controlled ** *** *** & *** being **** ** **** ** ***** quest *** ***** **********.

*** ***** ****** ** ***** ****** with ***** ******** (*** ******** ****** a ***** % ** ***** ******* line) ****** **** ****** **** **** a ***** **** **** **** ** bad **** & ****** ** *******.

(1)
(1)
Undisclosed Manufacturer #6
Jan 26, 2022
IPVMU Certified

*'* *** ***% **** **** **** isn't *********, *** *'** ****** ** believe *** **** ***** ****. ***'** entitled ** **** **** *** ******* of ****** *** ** ***** **** harsh ******** *** ****** ********** ** you *** ******* - * ***** quickly ******* **** **** ** ******** and * **** *** ******* **** frustration ***. * ***** ********** **** my **** ***** **** ** ****** fuel ** *** ****, *** **** all *** ******* ***'* ** ****** (and *****) ** * **** ************ manner?

** *** *** **** ******* *********** I ***** **** ******** *** *** Agree ****** ******* ** *** ********* button.