Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Zerologon Vulnerability Used in APT Attacks
MERCURY, the Iranian advanced persistent threat group, is using Zerologon in a new series of attacks detected by Microsoft.
1 Min Read
Zerologon, a vulnerability Dark Reading reported on in September, is back, this time in the hands of an Iranian advanced persistent threat group known as MERCURY. In a tweet, Microsoft Security Intelligence said that it has observed MERCURY using CVE-2020-1472 (Zerologon) in active campaigns during the most recent two weeks.
MERCURY — which is also known as MuddyWater, Static Kitten, and Seedworm — has typically targeted government organizations, especially in the Middle East. Its use of ZeroLogon is seen as a critical risk, especially given that four published proof-of-concept exploits in September led the Secretary of Homeland Security to issue a rare emergency directive for immediate remediation.
The new information on MERCURY's Zerologon use has spurred Microsoft to reiterate the importance of immediately patching Windows to close the vulnerability.
For more, read here.
About the Author
You May Also Like
More Insights
