Hackers on Friday attacked vulnerable Cisco switches at data centers in Russia and Iran, leaving an image of the US flag and the message: “Don’t mess with our elections”. Cisco last month released a patch for a critical vulnerability affecting Smart Install software. However, the Friday attacks exploited a separate Smart Install “protocol misuse” issue, about which Cisco issued an alert on Thursday.
The company warned it had observed a spike in scans for vulnerable Smart Client switches, and said nation-state hackers are looking to exploit the issue to target critical infrastructure providers. It also pointed to a recent advisory from US-CERT concerning attacks on critical infrastructure by a Russian hacking group known as Dragonfly. Cisco warned that remote attackers could send Smart Install protocol messages to Smart Install clients to alter the startup configuration file, trigger a reload, and then load a new image of Cisco’s IOS networking software that allows the attacker to issue remote commands to the switches.
Read more about how hackers have used Cisco gear to send Russia a message not to mess with US elections on ZDNet.