Vigilante Hackers Attack Nation States

Uploaded on 2018-04-16 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

On Friday 5th April, a group of hackers targeted computer infrastructure in Russia and Iran, impacting Internet service providers, data, and in turn some websites.

In addition to disabling the equipment, the hackers left a note on affected machines, according to screenshots and photographs shared on social media: “Don’t mess with our elections,” along with an image of an American flag. Now, the hackers behind the attack have said why they did it.

“We were tired of attacks from government-backed hackers on the United States and other countries,” someone in control of an email address left in the note told Motherboard Saturday 6th April.

In a blog post, cybersecurity firm Kaspersky said the attack was exploiting a vulnerability in a piece of software called Cisco Smart Install Client. Using computer search engine Shodan, Talos (which is part of Cisco) said it found 168,000 systems potentially exposed by the software.

Talos also wrote it observed hackers exploiting the vulnerability to target critical infrastructure, and that some of the attacks are believed to be from nation-state actors.

Indeed, Talos linked the recent activity from the US Computer Emergency Readiness Team (CERT), which said Russian government hackers were targeting energy and other critical infrastructure sectors.

 “We simply wanted to send a message,” they told Motherboard.

The attack itself seems to be relatively unsophisticated. Lower-skilled hackers have previously created tools that can serve a similar, scattershot purpose.

In January, a pseudonymous security researcher released AutoSploit, a tool that scanned computer search engine Shodan for vulnerable machines and then fired exploits from the penetration testing tool Metasploit. This new attack appears to be similar somewhat in approach.

Regardless, this attack has had an impact. In its blog post Kaspersky said the attack had targeted the Russian speaking segment of the Internet.

IRAN the Communication and Information Technology Ministry said “The attack apparently affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in our country.”

Reuters reported that Iran’s IT Minister Mohammad Javad Azari-Jahromi said the attack mainly impacted Europe, India, and the US. In a tweet he added that 95 percent of the routers have resumed normal functioning.

The hackers said they did scan many countries for the vulnerable systems, including the UK, US, and Canada, but only “attacked” Russia and Iran, perhaps referring to the post of an American flag and their message. They claimed to have fixed the Cisco issue on exposed devices in the US and UK “to prevent further attacks.”

In its blog post, Talos suggested system administrators could run a particular command on the affected device to mitigate the exposure. This is what the hackers claimed they did on machines in the UK and US.

“As a result of our efforts, there are almost no vulnerable devices left in many major countries,” they claimed in an email.

However, it appears the number of exposed devices has only decreased marginally, from 168,000 at the time of Talos’ scan, to just over 166,000 on Saturday, according to search results on Shodan.

Motherboard

You Might Also Read: 

Foreign Interference In US Elections 'Will be repeated':

« UK Launches Cyber Attack On Islamic State
Offensive Cyberattacks Must Balance Lawful Deterrence & The Risks Of Escalation »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Cyber Exchange

Cyber Exchange

Cyber Exchange provides a focal point for UK organisations connected with, or with an interest in, cyber security to connect, engage and collaborate.

Cyber DriveWare

Cyber DriveWare

DriveWare analyzes new traffic in the I/O layer and blocks malware and cyber attacks which organizations have no means to protect against.

Ikarus Security Software

Ikarus Security Software

Ikarus focuses on antivirus and content-security solutions.

Trapmine

Trapmine

TRAPMINE is an innovative cybersecurity products company mainly focusing on protecting organizations from Advanced Persistent Threat & Zero-Day attacks.

CSIRT GOV - Poland

CSIRT GOV - Poland

Computer Security Incident Response Team CSIRT GOV, run by the Head of the Internal Security Agency, acts as the national CSIRT responsible for coordinating the response to computer incidents.

Cyber Intelligence 4U

Cyber Intelligence 4U

Cyber Intelligence 4U is an educational services company that provides two levels of cybersecurity training programs: executive and technical.

ERI

ERI

ERI is the largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company in the United States.

FireCompass

FireCompass

FireCompass SAAS platform helps CISOs & Security Teams in continuous risk assessment by mapping your attack surface and knowing the “unknown unknowns”.

Evina

Evina

Evina offers the most advanced cybersecurity and fraud protection for mobile payment.

FastNetMon

FastNetMon

FastNetMon is a very high performance DDoS detection and mitigation tool which could detect malicious traffic in your network and immediately block it.

ThreatDefence

ThreatDefence

ThreatDefence provides innovative SIEM, SOC-as-a-Service, and proactive cyber defence solutions to MSP’s and Enterprises.

Fairdinkum Consulting

Fairdinkum Consulting

Fairdinkum is a leading full-service IT consulting firm with more than two decades of experience in the industry.

Cyclops

Cyclops

Cyclops is the first Contextual Search Platform for cybersecurity.

Defence Innovation Accelerator for the North Atlantic (DIANA)

Defence Innovation Accelerator for the North Atlantic (DIANA)

The NATO DIANA accelerator programme is designed to equip businesses with the skills and knowledge to navigate the world of deep tech, dual-use innovation.

HP Wolf Security

HP Wolf Security

HP Wolf Security protects your organization and devices from cyberattacks no matter where, when or how you work.

CODA Intelligence

CODA Intelligence

CODA's AI-powered attack surface management platform helps you sort out the important remediations needed in order to avoid exploits on your systems.