Last night, a hacker group going under the name "JHT" attacked foreign network infrastructure, including Russian and Iranian networks, using the Cisco CVE-2018-0171 Smart Install vulnerability. Using this vulnerability, the hackers were able to reset the routers back to their default configuration and display a message to the victims.
After vulnerable Cisco routers were attacked using CVE-2018-0171, each router's configuration file, startup-config, was overwritten and the router rebooted. Not only did this cause outages for the affected networks, but admins also discovered that the router's startup-config file had been changed to a message stating "Don't mess with our elections.... -JHT usafreedom_jht@tutanota.com" as shown below.
According to Reuters, Iran's Communication and Information Technology Ministry stated that over 200,000 routers worldwide were affected, with 3,500 of them being in Iran. In a tweet, Iran's ICT Minister Mohammad Javad Azari-Jahromi stated that by 4:12PM EST yesterday, 95% of the affected routers in Iran had been restored to normal service.