A computer engineer checks equipment at an internet service provider in Tehran February 15, 2011.
(photo credit: CAREN FIROUZ / REUTERS)
Iran's internet infrastructure suffered a large-scale cyberattack Friday night according to Iran's Minister of Information and Communications Technology Mohammad Javad Azari-Jahromi.
Hackers left the image of a US flag on screens along with a warning "Don't mess with our elections."
"The attack apparently affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in our country," the Communication and Information Technology Ministry said in a statement carried by Iran's official news agency IRNA.
The attack, which exploited a weakness in Cisco routers, targeted several Iranian internet service providers and cut off access for subscribers, Iranian media has reported. Other countries' internet services were also affected.
Cisco had earlier issued a warning and provided a patch that some firms had failed to install over the Iranian new year holiday on March 20. Cisco did not immediately respond to requests for comment.
A blog published on Thursday by Nick Biasini, a threat researcher at Cisco's Talos Security Intelligence and Research Group, said: "Several incidents in multiple countries, including some specifically targeting critical infrastructure, have involved the misuse of the Smart Install protocol...
"As a result, we are taking an active stance, and are urging customers, again, of the elevated risk and available remediation paths."
Azari-Jahromi posted a picture of a computer screen on Twitter with the image of the US flag and the hackers' message. He said it was not yet clear who had carried out the attack.
Azari-Jahromi said the attack mainly affected Europe, India and the United States, state television reported.
"Some 55,000 devices were affected in the United States and 14,000 in China, and Iran's share of affected devices was 2 percent," Azari-Jahromi was quoted as saying.
In a tweet, Azari-Jahromi said the state computer emergency response body MAHER had shown "weaknesses in providing information to (affected) companies" after the attack which was detected late on Friday in Iran.
Hadi Sajadi, deputy head of the state-run Information Technology Organization of Iran, said the attack was neutralized within hours and no data was lost.