Hackers have reportedly launched a cyber-attack that disrupted Internet service in Iran late Friday, according to Reuters.
The attack has disrupted data centres in Iran and has reportedly been launched in multiple countries as well. The hackers have left the image of a US flag on screens along with a warning: “Don’t mess with our elections”, the Iranian IT ministry said on Saturday.
“The attack apparently affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in our country,” the Communication and Information Technology Ministry said in a statement carried by Iran’s official news agency IRNA.
The statement said the attack, which hit Internet service providers and cut off web access for subscribers, was made possible by a vulnerability in routers from Cisco, which had earlier issued a warning and provided a patch that some firms had failed to install over the Iranian new year holiday.
A blog post by Cisco’s Talos security unit says the cyber-attacks are exploiting what Cisco officials are calling a “protocol misuse” situation in Cisco’s Smart Install Client, which is designed to enable the no-touch installation and deployment of new Cisco hardware, in particular Cisco switches.
Attackers have targeted a protocol issue with the Cisco Smart Install Client. If a user does not configure or turn off Cisco Smart Install, it stays running in the background, waiting for commands on what to do. “As a result, we are taking an active stance, and are urging customers, again, of the elevated risk and available remediation paths,” the Talos post said.
On Saturday evening, Cisco said those postings were a tool to help clients identify weaknesses and repel a cyber-attack.
Iran’s IT Minister Mohammad Javad Azari-Jahromi posted a picture of a computer screen on Twitter with the image of the U.S. flag and the hackers’ message. He said it was not yet clear who had carried out the attack.
Azari-Jahromi said the attack mainly affected Europe, India and the United States, state television reported.
“Some 55,000 devices were affected in the United States and 14,000 in China, and Iran’s share of affected devices was two percent,” Azari-Jahromi was quoted as saying.
In a tweet, Azari-Jahromi said the state computer emergency response body MAHER had shown “weaknesses in providing information to (affected) companies” after the attack, which was detected late on Friday in Iran.
Hadi Sajadi, deputy head of the state-run Information Technology Organisation of Iran, said the attack was neutralized within hours and no data was lost.