Microsoft’s Threat Intelligence Center (MSTIC) has warned of active attacks against Windows domain controllers using the Zerologon bug (CVE-2020-1472). A successful attack hands the intruder domain-administrator privileges, and with them control of the entire network, in a matter of seconds. The attackers behind the campaign are believed to be the Iranian state-backed group MuddyWater, which Microsoft tracks as MERCURY.
Iranian Hackers Exploiting Zerologon
Microsoft’s Threat Intelligence Center (MSTIC) has reported a campaign in which attackers exploit the Zerologon vulnerability. Microsoft has been tracking the activity since September 17, and the goal of the attacks is to take control of the target’s network. Zerologon is a second-stage attack, in that the attacker must already have network access to a domain controller, yet it still carries the maximum severity score of 10/10 (CVSS).
That score reflects how little the exploit demands: it completes in well under a minute and is almost trivial to carry out. The bug lies in the Netlogon Remote Protocol (MS-NRPC), which domain controllers use to authenticate machine accounts and other domain members before they are allowed to access resources in the domain. The protocol’s AES-CFB8 credential computation uses an all-zero initialization vector, so an attacker who repeatedly sends an all-zero client challenge together with an all-zero credential is accepted, on average, once in every 256 attempts without knowing any password. Once authenticated, the attacker can reset the domain controller’s own machine-account password and from there obtain domain-administrator privileges.
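The following is an added illustration of why the 1-in-256 figure above holds; it is not code from the article or from Microsoft. It models the Netlogon credential computation (AES-CFB8 over the 8-byte challenge with a fixed all-zero IV) and the attacker’s retry loop. Because the Python standard library has no AES, the raw block-cipher call is replaced by a SHA-256 keyed PRF stand-in (an assumption, noted in the code); the property being shown is a property of the CFB8 mode itself and holds equally for AES as Netlogon uses it. Session keys are derived from a constructed seed so the run is reproducible.

```python
"""Why Zerologon needs only ~256 guesses: CFB8 with an all-zero IV.

Added illustration; not the article's or Microsoft's code. Assumption: the
block cipher is a SHA-256 keyed PRF stand-in for AES-128 (same 16-byte block),
and session keys are derived deterministically from a constructed seed.
"""
import hashlib
from typing import Optional

BLOCK = 16          # AES block size in bytes
CHALLENGE_LEN = 8   # Netlogon client challenge / credential length in bytes
ZERO_IV = b"\x00" * BLOCK


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for E(K, block) (assumption: keyed SHA-256 truncated to one block,
    # used because the standard library has no AES).
    return hashlib.sha256(key + block).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB8 mode: each plaintext byte is XORed with E(K, register)[0]; the register
    then shifts left one byte and the new ciphertext byte is appended on the right."""
    register = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        c = p ^ block_encrypt(key, bytes(register))[0]
        out.append(c)
        register = register[1:] + bytes([c])
    return bytes(out)


def compute_netlogon_credential(session_key: bytes, challenge: bytes,
                                iv: bytes = ZERO_IV) -> bytes:
    """The pre-patch ComputeNetlogonCredential: CFB8 over the 8-byte challenge with a
    fixed all-zero IV. `iv` is a parameter only so the fixed IV can be compared
    against a random one below."""
    return cfb8_encrypt(session_key, iv, challenge)


def zero_challenge_gives_zero_credential(session_key: bytes, iv: bytes = ZERO_IV) -> bool:
    """The attacker, not knowing the session key, sends an all-zero challenge and an
    all-zero credential. The server accepts when the real credential is also zero."""
    zero = b"\x00" * CHALLENGE_LEN
    return compute_netlogon_credential(session_key, zero, iv) == zero


def first_keystream_byte_is_zero(session_key: bytes) -> bool:
    """With IV = 0 and plaintext = 0, the first ciphertext byte is E(K, 0)[0]. If that
    byte is 0x00 the register never changes, every later byte is identical, and the
    whole credential is zero: probability 1/256 per fresh session key."""
    return block_encrypt(session_key, ZERO_IV)[0] == 0


def session_key(seed: bytes, i: int) -> bytes:
    # Constructed, reproducible stand-in for the fresh session key the DC derives
    # per authentication attempt (its server challenge is random each time).
    return hashlib.sha256(seed + i.to_bytes(4, "big")).digest()[:BLOCK]


def attempts_until_accepted(max_attempts: int = 4096,
                            seed: bytes = b"constructed") -> Optional[int]:
    """Simulate the attacker's loop: re-authenticate with zero challenge and zero
    credential until a session key happens to yield a zero credential."""
    for i in range(1, max_attempts + 1):
        if zero_challenge_gives_zero_credential(session_key(seed, i)):
            return i
    return None


def acceptance_count(iv: bytes, trials: int, seed: bytes = b"constructed") -> int:
    """How many of `trials` session keys accept the zero credential under a given IV.
    With the fixed zero IV this is about trials/256; with a random IV it is ~0,
    because each of the 8 bytes must independently come out zero (1/256**8)."""
    return sum(zero_challenge_gives_zero_credential(session_key(seed, i), iv)
               for i in range(trials))


if __name__ == "__main__":
    random_iv = hashlib.sha256(b"constructed-iv").digest()[:BLOCK]
    print("attempts until bypass:", attempts_until_accepted())
    print("accepted with zero IV   / 10000:", acceptance_count(ZERO_IV, 10_000))
    print("accepted with random IV / 10000:", acceptance_count(random_iv, 10_000))
```

The zero IV is the whole story: with it, the outcome of the entire 8-byte computation collapses to a single byte of keystream, which is why a few hundred unauthenticated retries suffice. Microsoft’s patch does not change the cipher mode; it makes the server reject the weak handshake (secure RPC and signing/sealing) instead.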
MSTIC has observed activity by the nation-state actor MERCURY using the CVE-2020-1472 exploit (ZeroLogon) in active campaigns over the last 2 weeks. We strongly recommend patching. Microsoft 365 Defender customers can also refer to these detections: https://t.co/ieBj2dox78
— Microsoft Security Intelligence (@MsftSecIntel) October 5, 2020
Given the severity of the bug, the Cybersecurity and Infrastructure Security Agency (CISA), the cyber wing of DHS, issued an emergency directive ordering all federal agencies to patch their domain controllers. Interest in the flaw was so high that working proof-of-concept exploits appeared within hours of the technical write-up being published. Microsoft fixed the bug in its August 2020 security update, but many organizations have still not applied it.
The attackers are believed to be the Iranian state-backed group MuddyWater (Microsoft’s MERCURY). The group has a track record of targeting organizations in the Middle East and Asia, particularly intergovernmental and human-rights organizations. With Zerologon exploitation on the rise, Microsoft urges everyone to install the August 2020 update, or any later cumulative update, all of which contain the same fix. Note that the August patch is only the first, compatibility-mode phase of Microsoft’s fix: patched domain controllers protect Windows clients and log vulnerable Netlogon connections from other devices (event IDs 5827 through 5831) so administrators can find and fix non-compliant systems; the enforcement phase that rejects such connections outright was scheduled for early 2021.