On Saturday, the Iranian IT ministry disclosed that networks in a number of countries had been attacked by hackers, including data centers in Iran. The hackers left behind a picture of the US flag on screens, accompanied by a message warning against messing with the country’s elections. According to a statement made by the Communication and Information Technology Ministry, around 200,000 router switches were apparently affected in the attack across the world, including 3,500 switches in Iran alone. It was further revealed that the attack, which targeted internet service providers, ended up cutting off web access for all subscribers.
The attack was made possible by a vulnerability in routers made by Cisco. The company had earlier issued a warning about this vulnerability and had also provided a patch for it, but some companies hadn’t gotten around to installing it yet due to the Iranian new year holiday. Nick Biasini, a threat researcher working at Cisco’s Talos Security Intelligence and Research Group, published a blog post on Thursday. The post said that a number of incidents had happened in various countries and some critical infrastructure had been targeted, all through the use of the Smart Install protocol in the system.
It further stated that they were actively working on it and were informing customers about the associated risk as well as the remedies available. Cisco again asserted on Saturday that the purpose of the posts was to assist clients in identifying the weaknesses in the system so they could repel a cyber-attack. Mohammad Javad Azari-Jahromi, the IT Minister of Iran, posted a picture of a computer screen on Twitter that showed the image of the US flag along with the message the hacker left behind. He added that it was not yet clear who was behind the attack.
State television reported that Azari-Jahromi believed the attack affected India, Europe and also the United States. He was quoted as saying that nearly 55,000 devices in the United States were exploited and about 14,000 devices in China. As far as Iran is concerned, about 2 percent of the devices were affected in the attack. Azari-Jahromi said in a tweet that MAHER, the computer emergency response body of the state, had been a bit slow in providing information to the companies affected after the attack had been identified late on Friday.
The Information Technology Organization of Iran is run by the state, and one of its deputy heads, Haji Sajadi, said that they had taken immediate steps to neutralize the attack and had done so within hours. Due to their preemptive steps, no data was lost in the attack. Nonetheless, cyberattacks have become a common problem these days and a number of countries are affected regularly. The message left by the attackers in this incident is a jab at the Russians, who are blamed for interfering in the US presidential elections in 2016, even though Moscow has constantly denied these claims.