On April 7, according to foreign media reports, a hacker group calling itself 'JHT' attacked the network infrastructure of Russia and Iran on Friday using the Cisco vulnerability CVE-2018-0171 (a remote code execution vulnerability), and the attack then spread to the ISPs (Internet service providers), data centers and some websites of the two countries.
According to Lei Feng, CVE-2018-0171 is a remote code execution vulnerability disclosed by Cisco on March 28, 2018. It is a stack buffer overflow in the code that implements Cisco Smart Install, a proprietary Cisco configuration management protocol, in the Cisco IOS and IOS-XE systems. An attacker can send a specially crafted malicious packet to TCP port 4786 of a remote Cisco device without any user authentication, triggering the vulnerability and causing the device to execute Cisco system commands remotely or to suffer a denial of service (DoS).
This attack mainly exploits the security hole in the Cisco Smart Install client software. After exploiting the above vulnerability against a Cisco router, the router's configuration file startup-config is overwritten and the router restarts. In addition to interrupting the network, the hackers left a message on the affected machines saying that they were tired of the government's support for hacker attacks on the United States and other countries, warned "Do not interfere with our elections," and attached a pattern of the American flag.
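As an added example (not code from the report, from the JHT group or from Cisco), a defender can hunt for exposure of the Smart Install service by flagging accepted inbound connections to TCP port 4786 that do not come from the management network; the log format, the management range and the sample log lines below are constructed assumptions:

```python
# Added example: flag accepted inbound connections to the Cisco Smart Install
# port (TCP 4786) in firewall logs. Log format and addresses are constructed.
import re
from collections import Counter
from ipaddress import ip_address, ip_network

SMART_INSTALL_PORT = 4786
# Assumed management range; any other source reaching 4786 is suspicious.
MGMT_NETS = [ip_network("10.0.0.0/8")]

# Constructed sample lines (not real logs).
SAMPLE_LOGS = """
2018-04-06T21:03:11Z src=198.51.100.23 dst=192.0.2.10 dport=4786 proto=tcp action=accept
2018-04-06T21:03:12Z src=10.1.2.3 dst=192.0.2.10 dport=4786 proto=tcp action=accept
2018-04-06T21:03:14Z src=198.51.100.23 dst=192.0.2.11 dport=4786 proto=tcp action=accept
2018-04-06T21:03:15Z src=203.0.113.7 dst=192.0.2.10 dport=22 proto=tcp action=accept
2018-04-06T21:03:16Z src=203.0.113.7 dst=192.0.2.12 dport=4786 proto=tcp action=drop
""".strip().splitlines()

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) proto=(\w+) action=(\w+)")


def is_management(src):
    """True if the source address lies inside an assumed management network."""
    return any(ip_address(src) in net for net in MGMT_NETS)


def find_smart_install_hits(lines):
    """Return (src, dst) pairs for accepted TCP/4786 connections from outside MGMT_NETS."""
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dst, dport, proto, action = m.groups()
        if int(dport) != SMART_INSTALL_PORT or proto != "tcp" or action != "accept":
            continue
        if is_management(src):
            continue
        hits.append((src, dst))
    return hits


def summarize(hits):
    """Count reached devices per external source so the noisiest scanner surfaces first."""
    return Counter(src for src, _ in hits).most_common()


if __name__ == "__main__":
    for src, n in summarize(find_smart_install_hits(SAMPLE_LOGS)):
        print(f"{src}: {n} accepted Smart Install connection(s)")
```

On each device that accepted such a connection, `show vstack config` shows whether Smart Install is enabled, and `no vstack` disables it where the feature is not needed.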
Kaspersky, a network security company, said in a blog post that the attack itself is not complicated and that hackers at this level can easily carry it out.
According to Reuters, the Iranian Ministry of Communications and Information Technology said that more than 200,000 routers worldwide were affected by the attack, 3,500 of them in Iran. Iran's Minister of Information and Communication Technology, Mohammad Javad Azari-Jahromi, publicly stated that the attack mainly affected Europe, India and the United States, and that 95% of the affected Iranian routers have already resumed normal service.
Interestingly, the hackers indicated that they had scanned the networks of many countries, including the United Kingdom, the United States and Canada, to find vulnerable systems, but 'attacked' only Russia and Iran, saying this 'served best' to remind the United States, Britain and other countries of the vulnerability issues in their router devices.