Vigilante Hackers Attack Nation States

Uploaded on 2018-04-16 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

On Friday 5th April, a group of hackers targeted computer infrastructure in Russia and Iran, impacting Internet service providers, data, and in turn some websites.

In addition to disabling the equipment, the hackers left a note on affected machines, according to screenshots and photographs shared on social media: “Don’t mess with our elections,” along with an image of an American flag. Now, the hackers behind the attack have said why they did it.

“We were tired of attacks from government-backed hackers on the United States and other countries,” someone in control of an email address left in the note told Motherboard Saturday 6th April.

In a blog post, cybersecurity firm Kaspersky said the attack was exploiting a vulnerability in a piece of software called Cisco Smart Install Client. Using computer search engine Shodan, Talos (which is part of Cisco) said it found 168,000 systems potentially exposed by the software.

Talos also wrote it observed hackers exploiting the vulnerability to target critical infrastructure, and that some of the attacks are believed to be from nation-state actors.

Indeed, Talos linked the recent activity from the US Computer Emergency Readiness Team (CERT), which said Russian government hackers were targeting energy and other critical infrastructure sectors.

 “We simply wanted to send a message,” they told Motherboard.

The attack itself seems to be relatively unsophisticated. Lower-skilled hackers have previously created tools that can serve a similar, scattershot purpose.

In January, a pseudonymous security researcher released AutoSploit, a tool that scanned computer search engine Shodan for vulnerable machines and then fired exploits from the penetration testing tool Metasploit. This new attack appears to be similar somewhat in approach.

Regardless, this attack has had an impact. In its blog post Kaspersky said the attack had targeted the Russian speaking segment of the Internet.

IRAN the Communication and Information Technology Ministry said “The attack apparently affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in our country.”

Reuters reported that Iran’s IT Minister Mohammad Javad Azari-Jahromi said the attack mainly impacted Europe, India, and the US. In a tweet he added that 95 percent of the routers have resumed normal functioning.

The hackers said they did scan many countries for the vulnerable systems, including the UK, US, and Canada, but only “attacked” Russia and Iran, perhaps referring to the post of an American flag and their message. They claimed to have fixed the Cisco issue on exposed devices in the US and UK “to prevent further attacks.”

In its blog post, Talos suggested system administrators could run a particular command on the affected device to mitigate the exposure. This is what the hackers claimed they did on machines in the UK and US.

“As a result of our efforts, there are almost no vulnerable devices left in many major countries,” they claimed in an email.

However, it appears the number of exposed devices has only decreased marginally, from 168,000 at the time of Talos’ scan, to just over 166,000 on Saturday, according to search results on Shodan.

Motherboard

You Might Also Read: 

Foreign Interference In US Elections 'Will be repeated':

« UK Launches Cyber Attack On Islamic State
Offensive Cyberattacks Must Balance Lawful Deterrence & The Risks Of Escalation »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

6cure

6cure

The 6cure Threat Protection solution eliminates malicious traffic to critical services in real time and protects against DDoS attacks.

V-Key

V-Key

V-Key is a global leader in software based digital security, providing solutions for mobile identity, authentication, authorization, and mobile payments for major banks.

Volatility Foundation

Volatility Foundation

Volatility is an open source memory forensics framework for incident response and malware analysis.

Information Technology & Cyber ​​Security Service (STISC) - Moldova

Information Technology & Cyber ​​Security Service (STISC) - Moldova

STISC is a public institution whose purpose is to ensure the administration, maintenance and development of the information technology infrastructure in Moldova.

TechCERT

TechCERT

TechCERT is Sri Lanka’s first and largest Computer Emergency Readiness Team (CERT).

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Bessemer Venture Partners (BVP)

Bessemer Venture Partners (BVP)

Bessemer Venture Partners was born from innovations that literally forged modern building and manufacturing. Today, our team of investors works with people who want to create revolutions of their own.

SecureNation

SecureNation

SecureNation offers a wide variety of cutting-edge technologies and IT services to address almost any of your information security, network security and information assurance needs.

ToucanX

ToucanX

ToucanX has eliminated remote attack vectors without sacrificing productivity. We’ve brought embedded near real time virtualization to the enterprise endpoint.

McDonald Hopkins

McDonald Hopkins

McDonald Hopkins is a business advisory and advocacy law firm. We focus on insightful legal solutions that help our clients strategically plan for an increasingly competitive future.

Trenton Systems

Trenton Systems

Trenton Systems are committed to providing high-performance computing solutions to customers running mission-critical applications in harsh settings worldwide and across various industries.

CSIR Information & Cybersecurity Research Centre

CSIR Information & Cybersecurity Research Centre

The CSIR Information & Cybersecurity Research Centre focuses on research, development, and innovation of home-grown cyber and information security.

Ronet Cyber Security

Ronet Cyber Security

Ronet Cyber Security offers crypto forensics services for regulators, law enforcement, companies and individuals to ensure that your transactions are safe and secure.

Vault Cloud

Vault Cloud

Vault Cloud, Australia's National Cloud, is an Australian owned and operated company specialising in secure, sovereign, hyperscale cloud infrastructure.

Cork

Cork

Cork is a purpose-built cyber warranty company for managed service providers (MSPs) serving small businesses (SMBs) and the software solutions they manage.

Seven AI

Seven AI

Seven AI develops cyber security software designed to identify online threats.