Cisco security: Russia, Iran switches hit by attackers who leave US flag on screens

Hackers on Friday attacked vulnerable Cisco switches at data centers in Russia and Iran, leaving an image of the US flag and the message: “Don’t mess with our elections”. Cisco last month released a patch for a critical vulnerability affecting Smart Install software. However, the Friday attacks exploited a separate Smart Install “protocol misuse” issue, about which Cisco issued an alert on Thursday.

The company warned it had observed a spike in scans for vulnerable Smart Client switches, and said nation-state hackers are looking to exploit the issue to target critical infrastructure providers. It also pointed to a recent advisory from US-CERT concerning attacks on critical infrastructure by a Russian hacking group known as Dragonfly. Cisco warned that remote attackers could send Smart Install protocol messages to Smart Install clients to alter the startup configuration file, trigger a reload, and then load a new image of Cisco’s IOS networking software that allows the attacker to issue remote commands to the switches.

Read more about how hackers have used Cisco gear to send Russia a message not to mess with US elections on ZDNet.
