Iranian hackers actively exploit flaw that threatens Microsoft networks


Network administrators are urged to patch the ZeroLogon flaw as quickly as possible. The vulnerability allows an attacker to take control of an entire Microsoft network domain. According to Microsoft, the Iranian hacker group Mercury, also known as MuddyWater, has exploited this vulnerability in cyber espionage operations over the past two weeks.

ZeroLogon is a flaw in Microsoft’s Netlogon Remote Protocol. A cryptographic bug makes it possible to impersonate any user of a domain, and in particular the domain controller itself. This allows an attacker to obtain administrator privileges on all machines on the network. A first patch was released on August 11, but many companies haven’t installed it yet. A second patch should arrive in early 2021 to provide more protection.

Mercury primarily targets government agencies in Asian countries, but also makes forays into the public and private sectors in Europe and North America.
