More on the Chinese Zero-Day Microsoft Exchange Hack (Security News, March 2021)
With regard to your question, I'm going to answer it in a bit more depth, as there is a lot many really do not realise, both from a defender's and an attacker's point of view.
The level of the attack signal rises and the level of the signals uncorrelated with the Zero Day attack goes down, so it does not remain covert for long when you can "Go back in time" repeatedly with "Collect it All" databases.
Thus a smart "Covert APT" attacker will not just "Randomize" the Zero Day itself but all things related, from the start/source of the attack, and will also remove or randomize all artifacts from the attack.
Whilst an examination of early AV history shows past attackers have realised this and attacked accordingly, "We do not appear to be seeing it with Covert APT".
Generating the same signal twice is effectively as fatal to your Zero Day attack as using an OTP key stream twice or more, as it enables what is an "Attack in depth", which is the same as a Signal Processing function, just from a different "Knowledge domain".
Now, oddly, this was "Known knowledge" back from the earlier days of computer viruses, but for some reason the Zero Day finders/attackers "We see" do not appear to realise this and thus do not change their behaviours accordingly. Or, more correctly, "The defenders are only seeing those attackers that do not take care to randomize their attack signals sufficiently".