TEHRAN – “Only two percent of devices in Iran were affected by the recent cyberattack and the attack was neutralized in two hours,” Iran’s Communication and Information Technology Minister Mohammad-Javad Azari Jahromi has said.

Following an attack which was detected late on Friday, a flaw in Cisco switches allowed hackers to target critical infrastructure in many countries with cyberattack, including Iran.

Hackers left the image of a U.S. flag on screens along with a warning about intervention in U.S. election.

“Some 55,000 devices were affected in the United States and 14,000 in China,” he said in an interview with state TV on Saturday. 

Azari Jahromi named Europe, the U.S. as well as India as the main targets of the cyberattack.

“The widespread attack apparently affected 200,000 router switches across the world, including 3,500 switches in our country,” he added.

He said that Iran was not amongst the top ten victims of the cyberattack, however, an Iranian data company, Respina, ranked 6th among data companies that were affected worldwide.

He named other companies including ISIRAN, and Shuttle as the data centers which were most seriously affected by the attack.

Tehran and Semnan cities were mostly affected by the attack, he reported.

He called for being more active and faster in dealing with these issue by updating data center companies.

Network settings were frozen during Noruz 

Previously, Azari Jahromi in a tweet lamented the state-run computer emergency response body MAHER, a Persian acronym for the Computer-related Events Operation and Coordination Center, which had shown “weaknesses in providing information to (affected) companies”.

The telecommunications ministry revealed on Saturday that ten days ago CISCO had warned about the vulnerability of the router switches that were attacked Friday night.

However, many companies froze their networks’ settings during the two-week New Year holidays, Noruz, starting March 21, and that the companies did not update their settings as MAHER failed to inform them of the imminent attack. Friday is a weekend day in Iran.

On Saturday, chief of the detection and prevention center at FATA (Iran’s Cyber Police) said that no sensitive data has been leaked in the Friday cyberattack.

Ali Niknafs added that any Iranian company or organization that faces some type of disorder or anomaly in its network after starting work on Saturday morning should take immediate action to resolve the problems.

According to a security report from the Cisco Talos team, as many as 168,000 systems in the world might have been affected by the flaw.

SB/MQ/MG