APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies
2020-11-19 14:34

China-backed APT Cicada joins the list of threat actors leveraging the Microsoft Zerologon bug to stage attacks against their targets.

Researchers observed a "large-scale attack campaign targeting multiple Japanese companies" across 17 regions and various industry sectors that engaged in a range of malicious activity, such as credential theft, data exfiltration and network reconnaissance.

Zerologon has been a thorn in the side of Microsoft for some time, with multiple APTs and other attackers taking advantage of unpatched systems.

Last month Microsoft warned that the Iranian group MERCURY APT has been actively exploiting the flaw, while the Ryuk ransomware gang used it to deliver a lightning-fast attack that moved from initial phish to full domain-wide encryption in just five hours.

In addition to Zerologon, attackers also extensively used DLL side-loading in the campaign, a common tactic of APT groups that "occurs when attackers are able to replace a legitimate library with a malicious one, allowing them to load malware into legitimate processes," researchers said.


News URL

https://threatpost.com/apt-exploits-zerologon-targets-japanese-companies/161383/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 708 787 4587 4647 3639 13660