More on the Chinese Zero-Day Microsoft Exchange Hack (Security News, March 2021)
With regard to your question, I'm going to answer it in a bit more depth, as there is a lot many really do not realise, both from a defender's and an attacker's point of view.
The level of the attack signal rises and the level of the signals uncorrelated with the Zero Day attack goes down; they do not remain covert very long when you can "Go back in time" repeatedly with "Collect it All" databases.
Thus a smart "Covert APT" attacker will not just "Randomize" the Zero Day itself but all things related, from the start/source of the attack, and also remove or randomize all artifacts from the attack.
Whilst an examination of early AV history shows past attackers have realised this and attacked accordingly, "We do not appear to be seeing it with Covert APT".
Generating the same signal twice is effectively as fatal to your Zero Day attack as using an OTP Key Stream twice or more, as it enables what is an "Attack in depth", which is the same as a Signal Processing function just from a different "Knowledge domain".
Now oddly this was "Known knowledge" back from the earlier days of computer viruses, but for some reason the Zero Day finders/attackers "We see" do not appear to realise this and thus do not change their behaviours accordingly, or more correctly, "The defenders are only seeing those attackers that do not take care to randomize their attack signals sufficiently".
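A defender-side illustration of the "go back in time" correlation the comment describes, added here as an example and not part of the original post: every artifact from one incident window is pivoted against a retained log store, and values the intruder reused across intrusions link to other days and hosts while values randomized per intrusion link to nothing. The log store, host names and artifact values are all constructed for this example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed "collect it all" store: (timestamp, host, artifact kind, value).
# Every value here is made up for the example; none is a real indicator.
LOG_STORE = [
    ("2021-01-04T09:12:00", "mx1", "user_agent", "UA-constructed-A"),
    ("2021-01-04T09:12:05", "mx1", "path", "/example/constructed-a.aspx"),
    ("2021-01-04T09:12:07", "mx1", "src_ip", "203.0.113.10"),
    ("2021-02-18T22:40:00", "mx2", "user_agent", "UA-constructed-A"),       # reused
    ("2021-02-18T22:40:03", "mx2", "path", "/example/constructed-b.aspx"),  # randomized
    ("2021-02-18T22:40:09", "mx2", "src_ip", "198.51.100.7"),
    ("2021-03-02T03:15:00", "mx3", "user_agent", "UA-constructed-A"),       # reused again
    ("2021-03-02T03:15:02", "mx3", "path", "/example/constructed-c.aspx"),  # randomized
    ("2021-03-02T03:15:04", "mx3", "src_ip", "203.0.113.10"),               # reused from January
    ("2021-03-02T10:00:00", "mx3", "user_agent", "UA-constructed-legit"),   # unrelated noise
]


def artifacts_in_window(store, start, end):
    """Return the set of (kind, value) artifacts observed between start and end (ISO 8601)."""
    s, e = datetime.fromisoformat(start), datetime.fromisoformat(end)
    return {(k, v) for ts, _, k, v in store if s <= datetime.fromisoformat(ts) <= e}


def go_back_in_time(store, start, end):
    """For each artifact seen in the incident window, list the other (day, host) pairs
    in the retained store where the same value appears.

    Artifacts that link to other days are the repeated "signal" the comment warns
    about; artifacts that link to nothing were effectively randomized and give the
    defender no pivot. Returns {(kind, value): sorted list of (day, host)}.
    """
    s, e = datetime.fromisoformat(start), datetime.fromisoformat(end)
    links = defaultdict(set)
    for artifact in artifacts_in_window(store, start, end):
        links.setdefault(artifact, set())  # keep artifacts with zero links visible
        for ts, host, k, v in store:
            t = datetime.fromisoformat(ts)
            if (k, v) == artifact and not (s <= t <= e):
                links[artifact].add((t.date().isoformat(), host))
    return {a: sorted(h) for a, h in links.items()}


if __name__ == "__main__":
    # Start from the March intrusion and pivot through the whole retained store.
    for artifact, hits in go_back_in_time(LOG_STORE, "2021-03-02T03:00:00", "2021-03-02T04:00:00").items():
        print(artifact, "->", hits or "no other sighting (randomized)")
```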