Zerologon, a vulnerability Dark Reading reported on in September, is back, this time in the hands of an Iranian advanced persistent threat group known as MERCURY. In a tweet, Microsoft Security Intelligence said that it has observed MERCURY using CVE-2020-1472 (Zerologon) in active campaigns over the past two weeks.
MERCURY (also known as MuddyWater, Static Kitten, and Seedworm) has typically targeted government organizations, especially in the Middle East. Its use of Zerologon is seen as a critical risk, particularly given that four published proof-of-concept exploits in September led the Secretary of Homeland Security to issue a rare emergency directive for immediate remediation.
The new information on MERCURY's Zerologon use has spurred Microsoft to reiterate the importance of immediately patching Windows to close the vulnerability.