Vigilante Hackers Attack Nation States

On Friday 5th April, a group of hackers targeted computer infrastructure in Russia and Iran, impacting Internet service providers, data, and in turn some websites.

In addition to disabling the equipment, the hackers left a note on affected machines, according to screenshots and photographs shared on social media: “Don’t mess with our elections,” along with an image of an American flag. Now, the hackers behind the attack have said why they did it.

“We were tired of attacks from government-backed hackers on the United States and other countries,” someone in control of an email address left in the note told Motherboard Saturday 6th April.

In a blog post, cybersecurity firm Kaspersky said the attack was exploiting a vulnerability in a piece of software called Cisco Smart Install Client. Using computer search engine Shodan, Talos (which is part of Cisco) said it found 168,000 systems potentially exposed by the software.

Talos also wrote it observed hackers exploiting the vulnerability to target critical infrastructure, and that some of the attacks are believed to be from nation-state actors.

Indeed, Talos linked the recent activity from the US Computer Emergency Readiness Team (CERT), which said Russian government hackers were targeting energy and other critical infrastructure sectors.

 “We simply wanted to send a message,” they told Motherboard.

The attack itself seems to be relatively unsophisticated. Lower-skilled hackers have previously created tools that can serve a similar, scattershot purpose.

In January, a pseudonymous security researcher released AutoSploit, a tool that scanned computer search engine Shodan for vulnerable machines and then fired exploits from the penetration testing tool Metasploit. This new attack appears to be similar somewhat in approach.

Regardless, this attack has had an impact. In its blog post Kaspersky said the attack had targeted the Russian speaking segment of the Internet.

IRAN the Communication and Information Technology Ministry said “The attack apparently affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in our country.”

Reuters reported that Iran’s IT Minister Mohammad Javad Azari-Jahromi said the attack mainly impacted Europe, India, and the US. In a tweet he added that 95 percent of the routers have resumed normal functioning.

The hackers said they did scan many countries for the vulnerable systems, including the UK, US, and Canada, but only “attacked” Russia and Iran, perhaps referring to the post of an American flag and their message. They claimed to have fixed the Cisco issue on exposed devices in the US and UK “to prevent further attacks.”

In its blog post, Talos suggested system administrators could run a particular command on the affected device to mitigate the exposure. This is what the hackers claimed they did on machines in the UK and US.

“As a result of our efforts, there are almost no vulnerable devices left in many major countries,” they claimed in an email.

However, it appears the number of exposed devices has only decreased marginally, from 168,000 at the time of Talos’ scan, to just over 166,000 on Saturday, according to search results on Shodan.

Motherboard

You Might Also Read: 

Foreign Interference In US Elections 'Will be repeated':

« UK Launches Cyber Attack On Islamic State
Offensive Cyberattacks Must Balance Lawful Deterrence & The Risks Of Escalation »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Information Security Media Group (ISMG)

Information Security Media Group (ISMG)

Information Security Media Group is the world’s largest media organization devoted solely to information security and risk management.

Lastline

Lastline

Lastline is the leader in advanced malware protection.

Firebrand

Firebrand

Firebrand is the leader in Accelerated Learning in the field of IT and project management.

Robert Bosch Centre for Cyber-Physical Systems (RBCCPS)

Robert Bosch Centre for Cyber-Physical Systems (RBCCPS)

RBCCPS is an interdisciplinary research and academic centre within the Indian Institute of Science focused on research in cyber-physical systems.

Cyberra Legal Services (CLS)

Cyberra Legal Services (CLS)

Cyberra Legal Services provides cyber law advisory, cyber crime consultancy, cyber law compliance audit, cyber security, cyber forensics and cyber training services.

Thomsen Trampedach

Thomsen Trampedach

Thomsen Trampedach offers a tailored-made brand protection solution to each customer using a proprietary enforcement automation and reporting tool and a multilingual enforcement team.

Privafy

Privafy

Privafy helps mobile service providers, IoT manufactures , and enterprises redefine the way they protect Data-in-Motion.

OSI Security

OSI Security

OSI Security's primary services include penetration testing, security auditing, web application security testing and risk management.

Zokyo

Zokyo

Zokyo is a venture studio that builds, secures, and funds legendary web3/crypto businesses.

Questex Asia Total Security Conference

Questex Asia Total Security Conference

Questex Asia’s Total Security Conferences is one of the industry’s most prestigious and engaging forums for the region's top information security leaders and business decision-makers.

AArete

AArete

AArete is a global management and technology consulting firm specializing in strategic profitability improvement, digital transformation, and advisory services.

Elba

Elba

Employee security needs to be reinvented. SaaS security needs to involve end-user and awareness needs to be actionable. Meet elba, the 5-in-one cybersecurity hub with no compromises.

Netcraft

Netcraft

Netcraft is a global leader in cybercrime detection and disruption, combining cutting-edge technology with decades of experience to protect organizations of all sizes from digital threats and attacks.

ELK Analytics

ELK Analytics

ELK Analytics is a specialized Managed Security Services Provider (MSSP) that focuses on endpoint security and monitoring & alerting for any type of structured or unstructured data.

Athena7

Athena7

Athena7 is a dedicated assessment practice committed to helping organizations understand how their infrastructure, backups, and security controls will withstand the latest threat actor tactics.

LiveAction

LiveAction

LiveAction’s Network Intelligence platform transforms complex data into actionable insights, providing organizations with a comprehensive view of their network.