Skip to Main Content
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

Hackers Deface Network Switches in Russia, Iran with US Flag

The mysterious hacking group JHT attacked the Cisco switches by exploiting a publicly-known vulnerability in the software.

By Michael Kan
April 9, 2018
Hacker Mobile Security

Hackers last Friday disrupted internet access in Russia and Iran with an attack that left a digital message: an image of the US flag accompanied by the words, "Don't mess with our elections."

The messages were written on Cisco network switches, which came under assault from a mysterious hacking group calling itself "JHT."

JHT Hack

In an email, the group told Motherboard: "We were tired of attacks from government-backed hackers on the United States and other countries."

"We simply wanted to send a message," the group added.

To attack the network switches, the hackers exploited a publicly known bug in Cisco's software that can let you execute code and trigger an outage. Cisco has released a patch, but not everyone has had a chance to install it.

The security firm Kaspersky Lab noticed the disruption and said it mainly hit "the Russian-speaking segment" of the internet by attacking data centers installed with the network switches. As a result, some websites briefly went down.

The hackers most likely programmed a bot to search for the Cisco switches by scanning the open internet, according to Kaspersky Lab.

Iranian authorities reported suffering a disruption too. About 3,500 switches were affected, but most of the network was back online by Saturday, the country's technology ministry said.

So far, the mysterious hacking group JHT has remained largely mum on last Friday's attack. Messages to the the group's email address at [email protected] were not immediately returned. But JHT hasn't been the only party to attack the network switches.

Last Thursday, Cisco published a blog post, mentioning that its devices were coming under the attack by nation-state actors, including those from Russia. The incidents have occurred in "multiple countries" and targeted critical infrastructure, Cisco said.

This comes as Russia has been blamed for not only interfering in the 2016 US election, but for also hacking the the country's energy industry. However, the Kremlin has denied any involvement.

In the meantime, Cisco has published a tool and guidance that can help IT administrators protect their systems from the software vulnerability.

How Your Password Was Stolen
PCMag Logo How Your Password Was Stolen

Like What You're Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.


Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Sign up for other newsletters

TRENDING

About Michael Kan

Senior Reporter

I've been with PCMag since October 2017, covering a wide range of topics, including consumer electronics, cybersecurity, social media, networking, and gaming. Prior to working at PCMag, I was a foreign correspondent in Beijing for over five years, covering the tech scene in Asia.

Read Michael's full bio

Read the latest from Michael Kan