Russian hackers armed with Zerologon vulnerability


Zerologon vulnerability – TA505, aka Evil Corp, uses fake software updates in its attacks.

Microsoft has warned users that the Russian cybercriminal group TA505 is exploiting the Zerologon vulnerability in its attacks.

The attacks recorded by experts use fake software updates that connect to C&C infrastructure which information security experts associate with the TA505 group (CHIMBORAZO in the Microsoft classification). The fake updates are capable of bypassing User Account Control (UAC) and executing malicious scripts using the legitimate Windows Script Host tool (wscript.exe). During exploitation of the vulnerability, the attackers use MSBuild.exe to add Zerologon functionality to Mimikatz.

The TA505 group, also known as Evil Corp, has been active for almost a decade and is known primarily for its attacks using banking Trojans and ransomware. Recently, cybersecurity experts presented evidence of TA505 collaborating with the North Korean cybercriminal group Lazarus.

Zerologon (CVE-2020-1472) is a privilege escalation vulnerability in Windows Server. The problem is related to the use of an unreliable encryption algorithm in the Netlogon authentication mechanism. Zerologon allows an attacker to impersonate any computer on the network while authenticating to a domain controller, disable Netlogon security features, and change the password in the domain controller’s Active Directory database.

Microsoft recently advised users to install its August security updates, which partially fix the vulnerability, as Zerologon is already being actively exploited by hackers, including Iranian… The August patch is only the first stage of the vulnerability fix; the second should be expected in February 2021.
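Between the two stages, patched domain controllers log which devices still open vulnerable Netlogon secure channel connections, so those devices can be fixed before the second stage starts refusing them. The script below is an added example, not part of the original article: the event IDs (5827 to 5831) come from Microsoft's guidance for the August 2020 Netlogon update rather than from this page, and the pipe-delimited export format, host names and account names are constructed for illustration.

```python
import re
from collections import defaultdict

# Netlogon event IDs written to the System log by domain controllers that
# have the August 2020 update for CVE-2020-1472 installed.
NETLOGON_EVENTS = {
    5827: "denied (machine account)",
    5828: "denied (trust account)",
    5829: "allowed, vulnerable (refused once the second stage applies)",
    5830: "allowed by group policy (machine account)",
    5831: "allowed by group policy (trust account)",
}

# Constructed sample export: "TimeCreated|EventID|DC|Message" per line.
SAMPLE_EXPORT = """\
2020-10-07T08:14:02|5829|DC01|The Netlogon service allowed a vulnerable Netlogon secure channel connection. Machine SamAccountName: NAS01$ Domain: CORP
2020-10-07T08:15:40|7036|DC01|The Windows Update service entered the running state.
2020-10-07T09:02:11|5827|DC02|The Netlogon service denied a vulnerable Netlogon secure channel connection from a machine account. Machine SamAccountName: LEGACY-APP$ Domain: CORP
2020-10-07T09:30:55|5829|DC02|The Netlogon service allowed a vulnerable Netlogon secure channel connection. Machine SamAccountName: NAS01$ Domain: CORP
2020-10-07T10:01:00|5829|DC01|malformed record without an account field
"""

ACCOUNT_RE = re.compile(r"SamAccountName:\s*(\S+)")

def summarize(export_text):
    """Return {account: {event_id: count}} for Netlogon secure-channel events."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in export_text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4 or not parts[1].isdigit():
            continue  # skip truncated or foreign lines
        event_id = int(parts[1])
        if event_id not in NETLOGON_EVENTS:
            continue  # unrelated System log event
        match = ACCOUNT_RE.search(parts[3])
        account = match.group(1) if match else "<unparsed>"
        summary[account][event_id] += 1
    return {acct: dict(ids) for acct, ids in summary.items()}

def at_risk(summary):
    """Accounts seen in event 5829: they work today but will be refused later."""
    return sorted(acct for acct, ids in summary.items() if 5829 in ids)

if __name__ == "__main__":
    result = summarize(SAMPLE_EXPORT)
    for account, ids in sorted(result.items()):
        for event_id, count in sorted(ids.items()):
            print(f"{account:12} {event_id} x{count}  {NETLOGON_EVENTS[event_id]}")
    print("Fix before the second stage:", ", ".join(at_risk(result)))
```

Records counted under `<unparsed>` carried a relevant event ID but no account field and should be reviewed by hand on the domain controller that logged them.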
