Exploits CVEs in the wild

Radwan Brigade

Also known asRadwan Brigade

Radwan Brigade is a threat group listed in the provided content as having claimed to have compromised cameras or having been observed targeting cameras. The reporting places it among groups associated with activity against internet-exposed IP cameras, particularly Hikvision and Dahua devices, which are described as commonly vulnerable due to default credentials, unpatched flaws, exposed feeds, and known vulnerabilities such as CVE-2021-36260. The content does not provide additional high-confidence details on Radwan Brigade’s attribution, geography, specific victims, or broader operations beyond this camera-targeting context. Known alias in the provided content: radwan_brigade.

Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial

MITRE ATT&CK

Tradecraft

1 distinct technique observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

1 of 15 tactics1 techniques×N= number of intelligence reports citing this technique

MITRE ATT&CK

TA0001

Initial Access

1 technique

T1190

Exploit Public-Facing Application

WEAPONIZED

Associated vulnerabilities

1 CVE this actor has used in observed campaigns. 1 of them exploited in the wild.

CVE-2021-3626Privilege Escalation via Unrestricted Localhost TCP Control Socket in Multipass for WindowsIn the wildEvidence1

One of the Hikvision vulnerabilities (CVE-2021-3626; command injection) grants an attacker full root access to control the device.

ACTIVITY FEED

Recent activity

1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

1 SOURCESView more in app

nozomi networks blogNews

Apr 2, 2026

IP Cameras in Modern Warfare: Pre-Strike Recon and Post-Strike Assessment

Listed as a threat group that has claimed to have compromised cameras or has been observed targeting cameras.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

Start free trial

Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping1

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs1

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.