Zerologon Vulnerability Used in APT Attacks

MERCURY, the Iranian advanced persistent threat group, is using Zerologon in a new series of attacks detected by Microsoft.

Zerologon, a vulnerability Dark Reading reported on in September, is back, this time in the hands of an Iranian advanced persistent threat group known as MERCURY. In a tweet, Microsoft Security Intelligence said that it has observed MERCURY using CVE-2020-1472 (Zerologon) in active campaigns over the past two weeks.

MERCURY — which is also known as MuddyWater, Static Kitten, and Seedworm — has typically targeted government organizations, especially in the Middle East. Its use of Zerologon is seen as a critical risk, especially given that four published proof-of-concept exploits in September led the Secretary of Homeland Security to issue a rare emergency directive for immediate remediation.

The new information on MERCURY's Zerologon use has spurred Microsoft to reiterate the importance of immediately patching Windows to close the vulnerability.
