Tuesday, January 26, 14:42

Microsoft: Iranian hackers exploit Zerologon error!

Microsoft announced yesterday that Iranian hackers are exploiting the Zerologon bug in active hacking campaigns. A successful attack lets the attackers take over domain controllers, the servers at the core of most corporate networks, and thereby gain complete control over the target's network. The attacks were detected by the Microsoft Threat Intelligence Center (MSTIC), and the company said in a tweet that they have been going on for at least two weeks.

MSTIC attributed the attacks to a group of Iranian hackers known as MuddyWater, which Microsoft tracks under the code name "MERCURY". The group is believed to work for the Iranian government under the command of the Islamic Revolutionary Guard Corps, Iran's main intelligence and military service.

According to Microsoft's Digital Defense Report, this group has targeted NGOs, intergovernmental organizations, government agencies providing humanitarian aid, and human rights organizations. Microsoft says MERCURY's most recent targets included refugee organizations and network technology providers in the Middle East.


Zerologon has been described as the most dangerous bug disclosed in 2020 so far. It is a vulnerability in Netlogon, the protocol Windows systems use to authenticate against a Windows server acting as a domain controller.

According to BleepingComputer, exploiting the Zerologon bug can let attackers take over an unpatched domain controller and, with it, the internal network of the target organization. Attacks usually have to be launched from inside the network, but if a domain controller is exposed to the Internet they can also be carried out remotely.


Microsoft released patches for the Zerologon vulnerability, tracked as CVE-2020-1472, last August. However, the first detailed write-up of the bug was not published until September, which delayed most of the attacks.

Although the security researchers held back the details to give system administrators more time to patch, proof-of-concept code for Zerologon was released almost the same day as the detailed write-up, triggering a wave of attacks within days.


Following the disclosure, the US Department of Homeland Security (DHS) gave federal agencies three days to patch their domain controllers or disconnect them from federal networks, in order to prevent the attacks it expected to follow, and they did follow, days later.

The MERCURY attacks are estimated to have started about a week after the proof-of-concept code was released, around the same time Microsoft began detecting the first attempts to exploit Zerologon.
