Vigilante Hackers Attack Nation States

On Friday 5th April, a group of hackers targeted computer infrastructure in Russia and Iran, impacting Internet service providers, data, and in turn some websites.

In addition to disabling the equipment, the hackers left a note on affected machines, according to screenshots and photographs shared on social media: “Don’t mess with our elections,” along with an image of an American flag. Now, the hackers behind the attack have said why they did it.

“We were tired of attacks from government-backed hackers on the United States and other countries,” someone in control of an email address left in the note told Motherboard Saturday 6th April.

In a blog post, cybersecurity firm Kaspersky said the attack was exploiting a vulnerability in a piece of software called Cisco Smart Install Client. Using computer search engine Shodan, Talos (which is part of Cisco) said it found 168,000 systems potentially exposed by the software.

Talos also wrote that it had observed hackers exploiting the vulnerability to target critical infrastructure, and that some of the attacks are believed to come from nation-state actors.

Indeed, Talos linked the recent activity to a warning from the US Computer Emergency Readiness Team (US-CERT), which said Russian government hackers were targeting energy and other critical infrastructure sectors.

“We simply wanted to send a message,” they told Motherboard.

The attack itself seems to be relatively unsophisticated. Lower-skilled hackers have previously created tools that can serve a similar, scattershot purpose.

In January, a pseudonymous security researcher released AutoSploit, a tool that scanned the computer search engine Shodan for vulnerable machines and then fired exploits from the penetration testing tool Metasploit. This new attack appears to be somewhat similar in approach.

Regardless, this attack has had an impact. In its blog post, Kaspersky said the attack had targeted the Russian-speaking segment of the Internet.

Iran’s Communication and Information Technology Ministry said: “The attack apparently affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in our country.”

Reuters reported that Iran’s IT Minister Mohammad Javad Azari-Jahromi said the attack mainly impacted Europe, India, and the US. In a tweet he added that 95 percent of the routers have resumed normal functioning.

The hackers said they did scan many countries for the vulnerable systems, including the UK, US, and Canada, but only “attacked” Russia and Iran, apparently referring to the American flag image and the message they left. They claimed to have fixed the Cisco issue on exposed devices in the US and UK “to prevent further attacks.”

In its blog post, Talos suggested system administrators could run a particular command on the affected device to mitigate the exposure. This is what the hackers claimed they did on machines in the UK and US.
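The article does not name the command. Talos’ published mitigation for devices that do not need Smart Install is the IOS/IOS-XE global configuration command `no vstack`, which disables the Smart Install client and closes its TCP/4786 listener. The following is an added example of applying and verifying that setting on a single switch; it is not from the article, and the exact wording of the `show vstack config` output is assumed to vary by software release.

```cisco
! Added example (not from the article): disable the Smart Install client on IOS/IOS-XE.
! Smart Install listens on TCP/4786; turning the client off removes that listener.

! 1. Check the current state before changing anything.
show vstack config

! 2. Disable the client and save the running configuration.
configure terminal
 no vstack
 end
write memory

! 3. Verify: the output should now indicate Smart Install is disabled,
!    and an external check of TCP/4786 should show the port closed.
show vstack config
```

Where Smart Install is genuinely in use for zero-touch provisioning, the alternative Talos and Cisco describe is to keep the feature but block TCP/4786 from untrusted networks with an interface or infrastructure ACL, so that only the director can reach the client. Either way, the Shodan count cited above is a useful after-the-fact check that the exposure has actually gone.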

“As a result of our efforts, there are almost no vulnerable devices left in many major countries,” they claimed in an email.

However, it appears the number of exposed devices has only decreased marginally, from 168,000 at the time of Talos’ scan, to just over 166,000 on Saturday, according to search results on Shodan.

Motherboard

