Biggest Hackers Group Performing Massive Cyber attack against internet service providers, data centers around the world by compromising Cisco switches.
Hackers compromising more than 200,000 Cisco devices across the world in this widespread attack, including 3,500 switches in Iran country.
A recently discovered Remote Code Execution flaw that affected the Cisco switches Smart Install Client allows an attacker to gain the full control of the Vulnerable Cisco switch deployed networks.
Iranian & Russian countries are mainly affected and hackers have left the image of a U.S. flag on screens that also contains a warning message:“Don’t mess with our elections”
This Cyber Attack initially hit the Internet service providers and stop the web access for subscribers by exploiting the vulnerability in Cisco switches that contains a critical Remote code execution Flaw.
This Attack initiated by an unknown threat actor that is exploiting a vulnerability in a piece of software called Cisco Smart Install Client, which allows them to run arbitrary code and this leads attacker to reset the vulnerable Cisco Switches to its default configuration.
Based on the Cisco investigation using Shodan and they were identified more than 168,000 systems already successfully exploited and another investigation made by Tenable security revealed that 251,000 exposed Cisco Smart Install Clients around the world.
According to Motherboard Report, The hackers said they did scan many countries for the vulnerable systems, including the UK, US, and Canada, but only “attacked” Russia and Iran, perhaps referring to the post of an American flag and their message.
Iran’s IT Minister Mohammad Javad Azari-Jahromi posted a picture of a computer screen on Twitter with the image of the U.S. flag and the hackers’ message. He said it was not yet clear who had carried out the Cyber Attack.
بررسیهای اولیه حاکی از آن است که در تنظیمات مسیریابهای مورد حمله قرار گرفته، با حک پرچم ایالت متحده، اعتراضی درباره انتخابات آمریکا صورت گرفته است. دامنه حملات فراتر از ایران است. منشا حملات در دست بررسی است pic.twitter.com/L8erHB52j1
— MJ Azari Jahromi (@azarijahromi) April 6, 2018
He said in another Tweet, “Approximately 3,500 routers come from a total of hundreds of thousands of nationwide network routers affected by the Cyber Attack. The performance of companies has been evaluated in repelling and restoring normal conditions. Weakness in informing the skilled center to companies and the weakness in the configuration of data centers have been”
Based on the Reuters Statment, This Cyber Attack mainly affected Europe, India and the United States, in this case, Some 55,000 devices were affected in the United States and 14,000 in China.