Hackers use Cisco Router flaws to attack Iran, 3,500 routers hacked

According to Iranian State News Agency (IRNA) reported on April 7, a statement made by the Communication and Information Technology Ministry said that “The attack apparently affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in our country.”. In addition, some European countries and India are also affected by this attack. The statement said that during the attack, hackers attacked Internet service providers and disrupted users’ network access.

Iranian Minister of Information and Communication Technology, Mohammad-Javad Azari Jahromi subsequently published a hacking code map on social network Twitter. The figure shows “Don’t mess with our elections.” message, and used characters to form an American flag.

بررسیهای اولیه حاکی از آن است که در تنظیمات مسیریابهای مورد حمله قرار گرفته، با حک پرچم ایالت متحده، اعتراضی درباره انتخابات آمریکا صورت گرفته است. دامنه حملات فراتر از ایران است. منشا حملات در دست بررسی است pic.twitter.com/L8erHB52j1

— MJ Azari Jahromi (@azarijahromi) April 6, 2018

Azari Jahromi said it is not clear which individual or organization launched the cyber attack. At present, 95% of attacked routers have returned to normal.

According to Reuters, hackers attacked by using a vulnerability in Cisco routers. The company earlier issued warnings and updated patches. However, some companies have not yet installed patches.

Cisco’s Talos Security Intelligence and Research Group researcher Nick Biasini posted a blog on Thursday (April 5th) saying that several (hacking) incidents occurred in multiple countries, including some attacks specific to critical infrastructure involve loopholes in smart installation protocols. “As a result, we are taking an active stance, and are urging customers, again, of the elevated risk and available remediation paths.”

On Saturday night, Cisco stated that the above message is to identify weaknesses for customers and eliminate the threat of cyber attacks.

Cisco is the world’s largest router vendor. In September 2015, multinational Cisco routers were hacked and stolen from massive amounts of information.

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy

Written by

@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.