Microsoft researchers reported that Iranian cyber espionage group MuddyWater is exploiting the Zerologon vulnerability in attacks in the wild.


Microsoft published a post and a series of tweets to warn of cyber attacks exploiting the Zerologon vulnerability carried out by the Iran-linked APT group known as MuddyWater, aka Mercury.

The Zerologon vulnerability, tracked as CVE-2020-1472, is an elevation of privilege flaw that resides in the Netlogon service. Netlogon is an authentication mechanism used in the Windows Client Authentication Architecture: it verifies logon requests, and it registers, authenticates, and locates Domain Controllers.
