Hackers target Iranian data centers with onscreen message: 'Don't mess with our elections

Hackers attacked computer networks in various countries, including Iranian data centers where they placed an image of a U.S. flag on computer screens with the warning, “Don’t mess with our elections,” Reuters news reported

How did this happen?

Vulnerabilities in Cisco router switches apparently gave hackers an opening, according to published reports.

“The attack apparently affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in our country,” the Communication and Information Technology Ministry said in a statement carried by Iran’s official news agency, which was published by Reuters.

Although Cisco issued a warning and patch to fix it, some firms failed to install the patch over the Iranian new year holiday.

The attack hit also internet service providers and knocked out access for subscribers, Reuters reported.

“Several incidents in multiple countries, including some specifically targeting critical infrastructure, have involved the misuse of the Smart Install protocol...“As a result, we are taking an active stance, and are urging customers, again, of the elevated risk and available remediation paths,” Nick Biasini, a threat researcher at Cisco’s Talos Security Intelligence and Research Group, wrote on a blog.

Cisco said Saturday that the posts were intended to help clients identify weaknesses and prevent a cyber attack, according to Reuters.

What else was affected?

Iran’s IT Minister Mohammad Javad Azari-Jahromi said the attack primarily impacted Europe, India and the United States, according to Reuters.

“Some 55,000 devices were affected in the United States and 14,000 in China, and Iran’s share of affected devices was 2 percent,” Azari-Jahromi stated on state-run TV.

In a tweet, Azari-Jahromi indicated that Iran's state-run computer emergency response organization found “weaknesses in providing information to (affected) companies” after the attack was detected late on Friday in Iran, Reuters reported.

The attack was neutralized within hours and no data was lost, the Technology Organization of Iran, reportedly said.