Zerologon Vulnerability Used in APT Attacks
MERCURY, the Iranian advanced persistent threat group, is using Zerologon in a new series of attacks detected by Microsoft.
Zerologon, a vulnerability Dark Reading reported on in September, is back, this time in the hands of an Iranian advanced persistent threat group known as MERCURY. In a tweet, Microsoft Security Intelligence said that it has observed MERCURY using CVE-2020-1472 (Zerologon) in active campaigns over the past two weeks.
MERCURY (also known as MuddyWater, Static Kitten, and Seedworm) has typically targeted government organizations, especially in the Middle East. Its use of Zerologon is seen as a critical risk, especially given that four published proof-of-concept exploits in September led the Secretary of Homeland Security to issue a rare emergency directive for immediate remediation.
The new information on MERCURY's Zerologon use has spurred Microsoft to reiterate the importance of immediately patching Windows to close the vulnerability.