APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies

2020-11-19 14:34

China-backed APT Cicada joins the list of threat actors leveraging the Microsoft Zerologon bug to stage attacks against their targets.

Researchers observed a "Large-scale attack campaign targeting multiple Japanese companies" across 17 regions and various industry sectors that engaged in a range of malicious activity, such as credential theft, data exfiltration and network reconnaissance.

Zerologon has been a thorn in the side of Microsoft for some time, with multiple APTs and other attackers taking advantage of unpatched systems.

Last month Microsoft warned that the Iranian group MERCURY APT has been actively exploiting the flaw, while the Ryuk ransomware gang used it to deliver a lightning-fast attack that moved from initial phish to full domain-wide encryption in just five hours.

In addition to Zerologon, attackers also extensively used DLL side-loading in the campaign, a common tactic of APT groups that "Occurs when attackers are able to replace a legitimate library with a malicious one, allowing them to load malware into legitimate processes," researchers said.

News URL

https://threatpost.com/apt-exploits-zerologon-targets-japanese-companies/161383/

#APT #exploit #japanese #microsoft

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		708	787	4587	4647	3639	13660

News URL

Related news

Related vendor