Security News > 2020 > October > Microsoft Warns of Russian Cybercriminals Exploiting Zerologon Vulnerability
Microsoft reported this week that it has spotted Zerologon attacks apparently conducted by TA505, a notorious Russia-linked cybercrime group.
According to Microsoft, the Zerologon attacks it has observed involve fake software updates that connect to command and control infrastructure known to be associated with TA505, which the company tracks as CHIMBORAZO. The fake updates are designed to bypass the user account control security feature in Windows and they abuse the Windows Script Host tool to execute malicious scripts.
"To exploit the vulnerability, attackers abuse MSBuild.exe to compile Mimikatz updated with built-in ZeroLogon functionality," Microsoft said.
Microsoft first warned users about malicious actors exploiting the Zerologon vulnerability on September 24.
Microsoft has informed customers that applying the patches released in August is only the first phase of addressing the Zerologon vulnerability.