Internet service in Iran returns to normal after cyberattack

Tasnim – The Internet service providers in Iran have resumed operation after a widespread cyberattack on Friday night that affected 168,000 systems in the world, Iran’s minister of communication said.

Iran’s Minister of Communication and Information Technology Mohammad Javad Azari Jahromi announced in a tweet early Saturday that more than 95 percent of the affected switches have resumed normal activities.

Reports say that important Iranian services and websites became out of reach due to a problem in the datacenters of major internet service providers Afranet, Shatel, Sabanet, etc. on Friday night.

According to a security report from the Cisco Talos team as many as 168,000 systems in the world may be affected by the flaw.

A blog post by Cisco’s Talos security unit says the cyberattacks are exploiting what Cisco officials are calling a “protocol misuse” situation in Cisco’s Smart Install Client, which is designed to enable the no-touch installation and deployment of new Cisco hardware, in particular Cisco switches.

Attackers have targeted a protocol issue with the Cisco Smart Install Client. If a user does not configure or turn off the Cisco Smart Install, it will hang out in the background waiting for commands on what to do, according to IFP.

In another tweet on Friday, the Iranian minister said the settings of switching software had been attacked. A picture posted by Azari Jahromi shows the United States’ flag being in the background and a sentence that reads “don’t mess with our (US) elections.”