Bad news for Microsoft, still grappling with the serious Zerologon Windows security bug, which exploits a vulnerability in the cryptographic protocol used by Netlogon.
As verified by the company's Threat Intelligence Center, a real-world hacking campaign exploiting the Zerologon vulnerability is underway, launched by Iranian state-sponsored hackers and keeping Windows 10 users on alert.
The group of Iranian hackers connected to the attack in progress in these hours is known as Mercury or MuddyWater. It had already successfully dealt some hard blows to the servers that act as domain controllers, which handle authentication requests for security.
With these targeted actions, the cybercriminals would be able to take complete control of the machines that act as the IT hub for the networks of the companies involved. According to Microsoft, the targets included "a high number of targets involved in work with refugees" and "network technology providers in the Middle East."
Zerologon was tagged as the most dangerous bug discovered during 2020, and Microsoft rolled out a security patch for CVE-2020-1472 last August to stem the damage. It did not help much, though, since the attacks still arrived only a few weeks later despite the update.
Even the choice to postpone the publication of the details of the bug did not pay off as much as Microsoft hoped: the time given to system administrators to protect their servers literally went up in smoke, as the Mercury group's attacks started just a few days later.
Even the Department of Homeland Security of the United States of America, in light of the enormous risk posed by Zerologon, had given federal agencies an ultimatum: three days to update their systems, on pain of disconnection from the federal networks, in order to prevent attacks.