The message “Don’t mess with our elections” followed by a U.S. flag appeared on Iranian and Russian screens after a hacker group exploited the Cisco Smart Install Client on vulnerable machines. The hackers claim to have targeted only computer infrastructure in Iran and Russia during the attack on Friday night.
Reuters reported that Iran’s Communication and Information Technology Ministry said, “The attack apparently affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in our country.”
Researchers from Cisco’s Talos reportedly used Shodan to find over 168,000 systems potentially exposed via the Cisco Smart Install Client. The researchers don’t call it a vulnerability, but a “protocol misuse issue,” the same term used in an “informational” Cisco Security Advisory issued in 2017. Cisco’s Security Advisory issued on Friday, however, lists it as a critical vulnerability.