Russian hackers armed with Zerologon vulnerability
Russian hackers armed with Zerologon vulnerability-
Zerologon vulnerability – TA505, aka Evil Corp, uses fake software updates in its attacks.
Microsoft has warned users that the Russian cybercriminal group TA505 is exploiting the Zerologon vulnerability in its attacks.
The attacks recorded by experts use fake software updates that connect to the C&C infrastructure. Which information security experts associate with the TA505 grouping (CHIMBORAZO in the Microsoft classification). Fake updates are capable of bypassing User Account Control (UAC). And also, executing malicious scripts using the legitimate Windows Script Host tool (wscript.exe). During exploitation of the vulnerability, attackers use MSBuild.exe to add Zerologon functionality to Mimikatz.
The TA505 group, also known as Evil Corp, has been active for almost a decade. And is popular primarily for its attacks using banking Trojans and ransomware. Recently cybersecurity experts presentedevidence of TA505 collaboration with North Korean cybercriminal group Lazarus.
Zerologon ( CVE-2020-1472 ) is a privilege escalation vulnerability in Windows Server. As a result, the problem is related to the use of an unreliable encryption algorithm in the Netlogon authentication mechanism. Zerologon allows you to simulate any computer on the network while authenticating to a domain controller, disable Netlogon security features. And change the password in the domain controller’s Active Directory database.
Microsoft recently advice users to install its August security updates that partially fix the vulnerability, as Zerologon is already active exploite point for hackers, including Iranian… So, the August patch is only the first stage of the vulnerability fix – the second should be expected in February 2021.
That’s all on Russian hackers armed with Zerologon vulnerability
WE ARE HERE FOR SERIOUS BUSINESS, WE DO NOT TOLERATE TIME WASTERS AND BEGGARS TRYING TO BEG OR SCAM US OF OUR PRODUCTS. Payment is Upfront, Our services are not free CONTACT US FOR PURCHASE/INQUIRIES, WE RESPOND ALMOST INSTANTLY : WHATSAPP: sudohackers.com CLICK HERE EMAIL: [email protected] EMAIL US NOW ICQ: sudohackers.com CLICK HERE TELEGRAM: sudohackers.com CLICK HERE