CVE-2025-3218 – IBM i Netserver Vulnerability
May 7, 2025
SideWinder APT Group aka Rattlesnake – Active IOCs
May 7, 2025
Severity
High
Analysis Summary
On 6 May 2025, a day before the Indian strikes on major cities in Pakistan, a threat actor group calling itself "INDIAN CYBER FORCE" allegedly claimed to have hacked Pakistan's surveillance infrastructure, gaining access to 1000+ cameras.
In the announcement post on its source channel, Indian Cyber Force claimed access to surveillance systems in the following sectors:
- Industrial Zones
- Private Corporations
- Government Facilities
- Schools
- Banks and ATMs
As evidence, the threat actors also posted a video showing access to various surveillance cameras.
Impacts
- Unauthorized Access
- Reputational Damage
- Cyber Espionage
Recommendations
- Immediately replace factory-set usernames and passwords with strong, unique credentials to prevent unauthorized access through publicly known defaults.
- Use complex passwords that combine upper/lowercase letters, numbers, and special characters. Avoid reusing passwords across devices or systems.
- Ensure that all surveillance cameras run the latest firmware to patch known vulnerabilities and strengthen resistance against exploits.
- Where supported, implement multi-factor authentication to add an additional layer of security for accessing camera management interfaces.
- Limit or turn off remote access features unless absolutely required, thereby reducing the attack surface available to threat actors.
- Place surveillance cameras on separate VLANs or subnets to isolate them from sensitive business systems.
- Require a secure VPN connection for any remote access to camera feeds or administrative interfaces to prevent unauthorized exposure.
- Configure network firewalls to allow only necessary traffic to and from surveillance devices, blocking all other inbound/outbound communication.
- Regularly review device and network logs for anomalies such as repeated failed logins, irregular access times, or unknown IP addresses.
- Turn off any features, services, or open ports that are not in active use to minimize exploitable entry points.
- Perform routine security scans on connected surveillance systems to identify and remediate security gaps.
- Ensure all data transmitted to and from surveillance cameras is encrypted using secure protocols like HTTPS or SSL/TLS.
- Use IP whitelisting to allow access only from known, authorized addresses, reducing the risk of external intrusion.
- Secure physical access to camera systems to prevent tampering, theft, or unauthorized device resets.
- Remove outdated or unused cameras from the network and wipe their storage to prevent data leakage or reuse by attackers.
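The log review, IP whitelisting and off-hours checks above can be automated. The script below is an added example written for this advisory, not code from the advisory or from any camera vendor; it assumes a hypothetical "<timestamp> <camera> <event> <user> <src_ip>" log format, a constructed set of sample lines, an assumed management subnet of 10.20.5.0/24 and working hours of 07:00 to 19:00. It flags repeated failed logins from one source, successful logins that follow a burst of failures (the pattern a default-credential guess leaves behind), logins from addresses outside the allowlist, and logins outside working hours.

```python
"""Review camera access logs for the anomalies the recommendations call out.
Added example; log format, sample lines and policy values are constructed."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, time

# Constructed sample log lines (hypothetical format, not a real vendor's).
SAMPLE_LOG = """\
2025-05-06T02:14:05 cam-lobby-01 LOGIN_FAIL admin 203.0.113.45
2025-05-06T02:14:07 cam-lobby-01 LOGIN_FAIL admin 203.0.113.45
2025-05-06T02:14:09 cam-lobby-01 LOGIN_FAIL admin 203.0.113.45
2025-05-06T02:14:11 cam-lobby-01 LOGIN_FAIL admin 203.0.113.45
2025-05-06T02:14:13 cam-lobby-01 LOGIN_OK admin 203.0.113.45
2025-05-06T09:30:00 cam-atm-07 LOGIN_OK operator 10.20.5.14
2025-05-06T23:45:10 cam-gate-03 LOGIN_OK operator 10.20.5.14
2025-05-06T10:05:22 cam-plant-12 LOGIN_OK viewer 198.51.100.9
"""

# Assumed policy: only the VPN/management subnet may reach cameras,
# and interactive logins are expected during working hours.
ALLOWED_NETWORKS = [ipaddress.ip_network("10.20.5.0/24")]
WORK_START, WORK_END = time(7, 0), time(19, 0)
FAIL_THRESHOLD = 3          # failed logins from one source ...
FAIL_WINDOW_SECONDS = 300   # ... within this many seconds triggers an alert

LINE_RE = re.compile(r"^(\S+) (\S+) (LOGIN_OK|LOGIN_FAIL) (\S+) (\S+)$")


def parse_line(line):
    """Parse one log line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, camera, event, user, ip = m.groups()
    return {"ts": datetime.fromisoformat(ts), "camera": camera,
            "event": event, "user": user, "ip": ipaddress.ip_address(ip)}


def is_allowed(ip):
    """True if the source address is inside the allowlisted networks."""
    return any(ip in net for net in ALLOWED_NETWORKS)


def review_log(text):
    """Return findings as (kind, source_ip, camera) tuples, in log order."""
    events = sorted((e for e in map(parse_line, text.splitlines()) if e),
                    key=lambda e: e["ts"])
    findings = []
    fails = defaultdict(list)   # source ip -> timestamps of recent failures
    seen_unknown = set()        # report each unknown source once
    for e in events:
        ip = e["ip"]
        if not is_allowed(ip) and ip not in seen_unknown:
            seen_unknown.add(ip)
            findings.append(("unknown_source", str(ip), e["camera"]))
        if e["event"] == "LOGIN_FAIL":
            window = fails[ip]
            window.append(e["ts"])
            # Keep only failures inside the sliding window.
            while (e["ts"] - window[0]).total_seconds() > FAIL_WINDOW_SECONDS:
                window.pop(0)
            if len(window) == FAIL_THRESHOLD:
                findings.append(("repeated_failures", str(ip), e["camera"]))
        else:  # LOGIN_OK
            if fails[ip]:
                # A success right after a burst of failures is what a
                # guessed or default credential looks like in the log.
                findings.append(("success_after_failures", str(ip), e["camera"]))
                fails[ip].clear()
            if not WORK_START <= e["ts"].time() <= WORK_END:
                findings.append(("off_hours_login", str(ip), e["camera"]))
    return findings


if __name__ == "__main__":
    for kind, ip, camera in review_log(SAMPLE_LOG):
        print(f"{kind:24} {ip:16} {camera}")
```

Run against real logs, the allowlist should be the VPN or management subnet the recommendations describe, and the thresholds tuned so that a single typo does not alert while a burst from one address does; the "unknown_source" finding is the direct check for the IP whitelisting rule.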