On Friday, a group of hackers targeted computer infrastructure in Russia and Iran, impacting internet service providers, data centres, and in turn some websites. In addition to disabling the equipment, the hackers left a note on affected machines, according to screenshots and photographs shared on social media: “Don’t mess with our elections,” along with an image of an American flag. Now, the hackers behind the attack have said why they did it. “We were tired of attacks from government-backed hackers on the United States and other countries,” someone in control of an email address left in the note told Motherboard Saturday.
In a blog post Friday, cybersecurity firm Kaspersky said the attack exploited a vulnerability in a piece of software called Cisco Smart Install Client. Talos (which is part of Cisco) said in its own blog post on Thursday that, using the computer search engine Shodan, it found 168,000 systems potentially exposed by the software. Talos also wrote that it observed hackers exploiting the vulnerability to target critical infrastructure, and that some of the attacks are believed to be from nation-state actors. Indeed, Talos linked the recent activity to a March alert from the US Computer Emergency Readiness Team (CERT), which said Russian government hackers were targeting energy and other critical infrastructure sectors.
Presumably, this is what this week’s vigilante hackers were responding to.
“We simply wanted to send a message,” they told Motherboard.