The proof-of-concept exploit code for a vulnerability affecting many Cisco switches has been leveraged by vigilante hackers to mess with networks and data centers in Russia and Iran.
It seems that there’s a bot that is searching for vulnerable Cisco switches via the IoT search engine Shodan and exploiting the vulnerability in them (or, perhaps, it might be using Cisco’s own utility that is designed to search for vulnerable switches). Once it finds a vulnerable switch, it exploits the Smart Install Client, rewrites the config – and thus takes another segment of the Internet down. That results in some data centers being unavailable, and that, in turn, results in some popular sites being down.
The attackers left a contact email address in the message and Motherboard managed to get in touch with them.
Apparently, the idea was to retaliate for “attacks from government-backed hackers on the United States and other countries.”
Read more: HelpNet Security