On Saturday, the Iranian IT ministry said that some hackers had attacked various networks in some countries including the data centres in Iran where they left the image of the flag of the United States of America on screens along with a warning that says: “Don’t mess with our elections.”
in a statement that was carried by IRNA, the official news agency of Iran, the Communication and Information Technology Ministry stated: “The attack apparently affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in our country.”
The said statement said that the attack, which affected internet service providers and cut off web access for various subscribers, was made possible by a vulnerability that was found in routers from Cisco which had issued a warning earlier and provided a patch that some companies had failed to install over the new year holiday in Iran.
A blog that was published last Thursday by a threat researcher at the Talos Security Intelligence and Research Group of Cisco, Nick Biasini, stated: “Several incidents in multiple countries, including some specifically targeting critical infrastructure, have involved the misuse of the Smart Install protocol…
“As a result, we are taking an active stance, and are urging customers, again, of the elevated risk and available remediation paths.”
On the evening of Saturday, Cisco said that the said postings were a tool to help its clients identify the weaknesses and avoid a cyber attack.
On Twitter, Mohammad Javad Azari-Jahromi, the IT Minister of Iran, posted a picture of a computer screen that has the image of the U.S. flag and the message of the hackers. He said that it was not yet clear who had performed the said attack.
State television reported that Azari-Jahromi said that the attack mainly affected India, Europe, and the United States.
Azari-Jahromi was quoted as stating: “Some 55,000 devices were affected in the United States and 14,000 in China, and Iran’s share of affected devices was 2 percent.”
In a post on Twitter, Azari-Jahromi said that MAHER, the computer emergency response body of the state, had exhibited “weaknesses in providing information to (affected) companies” following the attack which was discovered late last Friday in Iran.
The deputy head of the state-run Information Technology Organisation of Iran, Hadi Sajadi, said that the attack was able to be neutralised within hours and no information was lost.