Global cyberattack targets 200,000 network switches (updated)
The attackers displayed a US flag, but it's not clear who's responsible.
The past few days haven't been great for the internet's broader security. Iran's Communication and Information Technology Ministry has reported that it was a victim in a global cyberattack that compromised about 200,000 Cisco switches that hadn't yet received patches for exploits in the company's legacy Smart Install protocol.
The attackers displayed a US flag on at least some screens, complete with a "don't mess with our elections" warning, but the attack wasn't focused on Iran -- only 3,500 switches fell to the exploit in the country.
About 55,000 of the victim devices were in the US, IT Minister Mohammad Javad Azari Jahromi said, while 14,000 were in China. Other victims were located in Europe and India.
Iran's report came shortly after Cisco's Talos research group warned that there had been "several incidents" around the world where "specific advanced actors" had targeted its switches using Smart Install.
There had been a spike in scanning as of November 2017, and it only increased in intensity in March and April.