JHT’s attack on both Iran and Russia


JHT’s attack on both Iran and Russia

In the first week on April, a hackvisit group called JHT launched an attack on Iran and Russia that started with hacking an enormous number of Cisco switches. Most probably they call themselves JHT as a resemblance of protesting against hacking that is based on election. Cisco switches connect between many devices in an office or a certain organization where they control the communication between these devices. Therefore, JHT targeted these switches to attack internet service providers and common sites between Iran and Russia. Many assume that the assault included disclosed vulnerability CVE-2018-0171.

JHT’s attack on both Iran and Russia

JHT’s claim

According to the communication that took place between Motherboard and JHT, they claimed that they attacked the switches to send a message to other hackers targeting other countries that are hired by the government.

JHT made their attack by altering the operating system of the switches to Cisco ISO and used an ASCII code to display the United States flag with the text “Do not mess with our elections”.

A glimpse on the mysterious revealing of CVE-2018-0171, or was the attack issued in another weak point.

It was reported by an Iranian organization that more than 3000 switches were assaulted in Iran and most of them were restored. Another organization mentioned that Russia was the main target, not Iran since the attacks were intended to be on Russian websites. So this organization, Kaspersky Labs, believes that the hackers found a weak spot in the Cisco Smart Install Client that they used to run malicious codes on the switches before using the ISO image.

Some other reports believe that the weak spot was CVE-2018-0171, however, CVE-2018-0171 is shielded against arbitrary attacks by entering such attack in DoS condition. The vast majority agrees with Kaspersky Labs.

The mysterious case of hacktivism 

So many questions are popping after this assault on whether are there any other intentions carried by JHT. Do they really stand for the government? Or do they have another malicious goals covered in the curtain of country loyalty?

Hacktivism was never the talk of the day and nobody cared much about it despite the fact that it holds a strong potential towards many acts. Everybody know cares about the method JHT made its attack, not on the purpose of JHT’s attack and its aim. It might be due to the fact that there is no specific face of the organization, so people do not give much attention. Protests are very powerful to the extent that they are capable of turning the tables on empires.

Related Article: Backdoored Agent Engendering Dofoil Infection