Vigilante Hackers Attack Nation States

Uploaded on 2018-04-16 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

On Friday 5th April, a group of hackers targeted computer infrastructure in Russia and Iran, impacting Internet service providers, data, and in turn some websites.

In addition to disabling the equipment, the hackers left a note on affected machines, according to screenshots and photographs shared on social media: “Don’t mess with our elections,” along with an image of an American flag. Now, the hackers behind the attack have said why they did it.

“We were tired of attacks from government-backed hackers on the United States and other countries,” someone in control of an email address left in the note told Motherboard Saturday 6th April.

In a blog post, cybersecurity firm Kaspersky said the attack was exploiting a vulnerability in a piece of software called Cisco Smart Install Client. Using computer search engine Shodan, Talos (which is part of Cisco) said it found 168,000 systems potentially exposed by the software.

Talos also wrote it observed hackers exploiting the vulnerability to target critical infrastructure, and that some of the attacks are believed to be from nation-state actors.

Indeed, Talos linked the recent activity from the US Computer Emergency Readiness Team (CERT), which said Russian government hackers were targeting energy and other critical infrastructure sectors.

 “We simply wanted to send a message,” they told Motherboard.

The attack itself seems to be relatively unsophisticated. Lower-skilled hackers have previously created tools that can serve a similar, scattershot purpose.

In January, a pseudonymous security researcher released AutoSploit, a tool that scanned computer search engine Shodan for vulnerable machines and then fired exploits from the penetration testing tool Metasploit. This new attack appears to be similar somewhat in approach.

Regardless, this attack has had an impact. In its blog post Kaspersky said the attack had targeted the Russian speaking segment of the Internet.

IRAN the Communication and Information Technology Ministry said “The attack apparently affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in our country.”

Reuters reported that Iran’s IT Minister Mohammad Javad Azari-Jahromi said the attack mainly impacted Europe, India, and the US. In a tweet he added that 95 percent of the routers have resumed normal functioning.

The hackers said they did scan many countries for the vulnerable systems, including the UK, US, and Canada, but only “attacked” Russia and Iran, perhaps referring to the post of an American flag and their message. They claimed to have fixed the Cisco issue on exposed devices in the US and UK “to prevent further attacks.”

In its blog post, Talos suggested system administrators could run a particular command on the affected device to mitigate the exposure. This is what the hackers claimed they did on machines in the UK and US.

“As a result of our efforts, there are almost no vulnerable devices left in many major countries,” they claimed in an email.

However, it appears the number of exposed devices has only decreased marginally, from 168,000 at the time of Talos’ scan, to just over 166,000 on Saturday, according to search results on Shodan.

Motherboard

You Might Also Read: 

Foreign Interference In US Elections 'Will be repeated':

« UK Launches Cyber Attack On Islamic State
Offensive Cyberattacks Must Balance Lawful Deterrence & The Risks Of Escalation »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IX Associates

IX Associates

IX Associates is a UK based IT Integration business specialising in risk, compliance, eDefence, and network security solutions.

Redbud

Redbud

Redbud is a specialist search and recruitment firm for Information Security professionals.

Emerson Electric Co

Emerson Electric Co

Emerson provides industrial automation systems and associated cybersecurity solutions to protect critical process control systems from cyber attack.

Viavi Solutions

Viavi Solutions

Viavi Solutions is a global leader in both network and service enablement and optical security performance products and solutions.

SecureBrain

SecureBrain

SecureBrain software and services help protect against Japanese-specific cybercrime and global internet security threats such as online fraud, phishing, drive-by downloads and malware attacks.

Intelligent Waves

Intelligent Waves

Intelligent Waves holds and manages contracts to provide an array of intelligence, operational, communications and IT support to the USG in austere, forward-deployed, hazardous duty environments.

State e-Government Agency (SEGA) - Bulgaria

State e-Government Agency (SEGA) - Bulgaria

The State e-Government Agency (SEGA) is responsible for matters relating to electronic governance in Bulgaria.

iFluids Engineering

iFluids Engineering

iFluids Engineering is a leading engineering consulting and risk management firm providing a full range of services including Cyber Security for Industrial Control Systems.

Red4Sec

Red4Sec

Red4Sec are experts in ethical hacking, audits of web and mobile applications, code audits, cryptocurrency audits, perimeter security and incident response.

Syndis

Syndis

Syndis is a leading information security company helping to defend organizations by providing bespoke services and innovative security solutions in the global market.

Paradyn

Paradyn

Paradyn-managed security services can provide a holistic view of your business environment, no matter how simple or complex it is.

Netgo

Netgo

Netgo group meet the requirements of a complex, digitized world with IT consulting, IT solutions & services, managed & cloud services and software products & development.

Gravitee

Gravitee

Gravitee helps organizations manage and secure their entire API lifecycle with solutions for API design, management, security, productization, real-time observability, and more.

VulnCheck

VulnCheck

VulnCheck helps organizations outpace adversaries with vulnerability intelligence that predicts avenues of attack with speed and accuracy.

Kodem Security

Kodem Security

Our mission is to make AppSec simple. Meet the world’s first dynamic software composition analysis platform. Only Kodem uses runtime intelligence to determine application risk.

Modat

Modat

Modat is an AI-powered, research-driven company focused on developing products and services that enable cybersecurity professionals to outpace adversaries.