Cisco security: Russia, Iran switches hit by attackers who leave US flag on screens

Hackers on Friday attacked vulnerable Cisco switches at data centers in Russia and Iran, leaving an image of the US flag and the message: “Don’t mess with our elections”. Cisco last month released a patch for a critical vulnerability affecting Smart Install software. However, the Friday attacks exploited a Smart Install “protocol misuse” issue that Cisco issued an alert over on Thursday.

The company warned it had observed a spike in scans for vulnerable Smart Client switches, and said nation-state hackers are looking to exploit it to target critical infrastructure providers. It also pointed to a recent advisory from US-CERT concerning attacks on critical infrastructure by a Russian hacking group known as Dragonfly. Cisco warned that remote attackers could send Smart Install protocol messages to Smart Install clients to alter the startup configuration file, trigger a reload, and then load a new image of Cisco’s IOS networking software that allows the attacker to issue remote commands to the switches.

Read more about how hackers have used Cisco gear to send Russia a message not to mess with US elections on ZDNet.
